Re: [Snort-users] new to snort

I think you may want to specify a destination port of 25 there as well
(for SMTP outbound).

alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"LOCAL traffic from
home to external";)=20

-Leon

>=20
On Mon, 2005-02-07 at 11:25 -0500, Matt Kettler wrote:
> At 10:27 AM 2/7/2005, J=FCrgen Schinker wrote:
> >can somebody write me a rule to detect simple mail Traffic from HOME_NET=
->
> >EXTERNAL_NET?
>=20
> alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL traffic from home=
=20
> to external";)=20
>=20
>=20
>=20
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.p...=3Dsnort-users
>=20
--=20



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users