I have a snort rule
alert tcp any -> !142.250.200.14 any (msg:"Bad Website"; sid:1000002; rev:1;)
The problem is it logs all websites, including the one listed as 142.250.200.14 as 'bad website'.
I want all websites to be alerted except 142.250.200.14, is there an easy fix to the rule?
I suspect it has something to do with the ','. but I'm not sure.
PS. I'm a newbie.
You can make a list and iterate through that. You can reverse the effect or avoid it this way.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.