I'm just looking for a simple rule to block traffic from a specific IP to mine from any port to port 23 all the time. I tried:
alert tcp 123.192.96.98 any -> 192.168.0.1/24 23 (msg:"Blocked IP"; action: drop;)
But action is an unknown rule command... I found that with "alert ip", but I couldn't get that to work either. This should be really simple... I'm not trying to create a complex rule. This rule of course is all on one line.
Ok, I found block instead of alert and no parentheses, if that'll work.
That did nothing. I found:
alert tcp 192.168.0.11 any -> 192.168.0.3 23 (msg:"Telnet Traffic Blocked";drop;)
but that gives me an error that the rule option drop is unknown... I'm trying to use AI overviews, but they're full of contradictions and errors. I also don't know how to determine what adapter snort is monitoring. I want to monitor the local ethernet, not my vpn... I'll shut up for a while now...
I'll take any suggestions. I've tried reading documentation, but it's more confusing than the AI suggestions... I should probably just not bother, this is ending up to be a lot more work than it's worth.
--
Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp, nntp, wss) (Ports 22,23,110,21,119,999) (ssh login 'bbs' password 'shsbbs')
*** THE READER V4.50 [freeware]
---
 * Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (618:300/50)
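
Added example, not part of the original post: in a Snort rule the action is the first word of the rule header, not an option inside the parentheses, and every rule needs its own sid. The addresses come from the post; the sid values and the first msg text are constructed for illustration.

```snort
# local.rules fragment (added example; sid values are constructed, taken
# from the 1000000+ range conventionally used for local rules).

# As posted, the action sits inside the option list, so Snort reports an
# unknown rule option and refuses to load the rule:
#   alert tcp 123.192.96.98 any -> 192.168.0.1/24 23 (msg:"Blocked IP"; action: drop;)
#   alert tcp 192.168.0.11 any -> 192.168.0.3 23 (msg:"Telnet Traffic Blocked";drop;)

# Rule layout:
#   <action> <proto> <src ip> <src port> -> <dst ip> <dst port> (<options>)
# "alert" only records the match; the packet is still delivered.
alert tcp 123.192.96.98 any -> 192.168.0.0/24 23 (msg:"Telnet from watched IP"; sid:1000001; rev:1;)

# "drop" in the action position discards the packet and logs it.
# 192.168.0.0/24 is the same network the post wrote as 192.168.0.1/24.
# A drop rule can only stop traffic when Snort is running inline (started
# with -Q on a DAQ that supports inline operation). In passive sniffing
# mode Snort sees a copy of the packet and cannot prevent its delivery.
drop tcp 123.192.96.98 any -> 192.168.0.0/24 23 (msg:"Blocked IP"; sid:1000002; rev:1;)
```

Snort watches the interface named with its -i option, so naming the local ethernet adapter there keeps it off the VPN adapter.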