Snort mailing list archives
Re: Stoopid port syntax question
From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 26 Jun 2002 11:30:28 -0700 (PDT)
On Wed, 26 Jun 2002, Kristopher Czachor wrote:
I looked at Marty's bible, even read the FAQ. I understand that, in rule creation, I can set up a range of ports using the : operator, but how do I set up one rule to look for a hand full of widely scattered ports, like 21,23,80,443, etc.
Right now, the X:Y is the only way to range ports. [...snip...]
Is something like that possible? I tried this and snort squeals. IMHO, it'd seem like this would help if I have a hand full of web servers all running on different ports.
Yes, it is possible... It's a kludge, but it can work. Since the newer rules use $HTTP_PORTS variable, you simply reset it and re-run the rules for the other ports. It's ugly, but it can and does work... Hope that helps! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net ------------------------------------------------------- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Stoopid port syntax question Kristopher Czachor (Jun 26)
- Re: Stoopid port syntax question Erek Adams (Jun 26)
- Re: Stoopid port syntax question Bennett Todd (Jun 27)
- Re: Stoopid port syntax question Chris Green (Jun 27)
- RE: Stoopid port syntax question Kristopher Czachor (Jun 27)
- Re: Stoopid port syntax question Chris Green (Jun 27)
- Re: Stoopid port syntax question Bennett Todd (Jun 27)
- Re: Stoopid port syntax question Erek Adams (Jun 26)