Snort mailing list archives

Re: Rule Creation Question !.


From: Michael Boman <michael () ayeka dyndns org>
Date: Wed, 2 Oct 2002 09:23:23 +0800

On Tue, Oct 01, 2002 at 04:39:34PM +0200, Moreno Poli wrote:
> If I have a server with POP3 and SMTP services, is it possible to create a
> rule that logs all incoming traffic except traffic for these 2 ports? I
> know that it is possible to create a rule that logs all traffic except 1
> port, but if the ports are two or three, is it possible?
>
> Moreno Poli

Yes, use bpf filters:

not port 25 and not port 110


Then you can ask snort to log everything, as it's totally blind about
SMTP and POP3 traffic (never gets them).

'man tcpdump' will tell you how to write bpf filters, and the snort manpage
will tell you how to use them.

Best regards
 Michael Boman

-- 
Michael Boman
Student, Husband, Geek. Not necessarily in that order though.
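
Added example, not part of Michael Boman's message or of Snort itself: a shell helper that builds the filter from the reply for any number of ports, plus a narrower variant that excludes only TCP traffic to and from the server's own service ports, so the sensor does not lose every packet that merely carries 25 or 110 as either port. The interface eth0, the log directory and the address 192.0.2.10 are assumed placeholders.

```shell
#!/bin/sh
# Added example. Helper names, eth0, /var/log/snort and 192.0.2.10 are assumptions.

# valid_port N: succeeds only for a decimal port number 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_exclude_filter PORT...
#   Produces the form given in the reply: "not port 25 and not port 110".
#   The terms must be joined with "and"; "not port 25 or not port 110"
#   is true for every packet and would exclude nothing.
build_exclude_filter() {
    filter=""
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
        filter="${filter:+$filter and }not port $p"
    done
    [ -n "$filter" ] && printf '%s\n' "$filter"
}

# build_scoped_filter HOST PORT...
#   "port N" matches N as source OR destination on any host, over TCP and UDP.
#   This variant drops only TCP packets sent to HOST's listed ports and the
#   replies from them; everything else is still inspected.
#   HOST is passed through unchecked, so give it a literal address.
build_scoped_filter() {
    host=$1; shift
    to=""; from=""
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
        to="${to:+$to or }dst port $p"
        from="${from:+$from or }src port $p"
    done
    [ -n "$to" ] || return 1
    printf 'not (tcp and ((dst host %s and (%s)) or (src host %s and (%s))))\n' \
        "$host" "$to" "$host" "$from"
}

# Usage: the BPF expression goes at the end of the snort command line
# (or into a file read with -F):
#   snort -i eth0 -l /var/log/snort "$(build_exclude_filter 25 110)"
#   snort -i eth0 -l /var/log/snort "$(build_scoped_filter 192.0.2.10 25 110)"
```

Before deploying, the generated expression can be checked with 'tcpdump -d "<expression>"', which compiles the filter and prints an error if the syntax is wrong.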


