Snort mailing list archives
Re: Snort and port lists
From: Martin Roesch <roesch () sourcefire com>
Date: Fri, 11 Oct 2002 16:09:19 -0400
On Wednesday, October 9, 2002, at 03:07 PM, Sean Wheeler wrote:
Elo folks, Say does snort 1.9.0 support port lists ?
Nope, that will be implemented when we switch to our new rules parser in the not-too-distant future. :)
I am aware of port ranges and individual ports but I am not sure if a listof ports is supported. for exampled I have ssh running on port xx and port xyz If this is not yet supported, what workarounds are you using ? I was thinking double the rule ..ouch
Yup, doubling the rule works, shouldn't be that much more strain on the system due to the way the RTNs are processed...
-Marty -- Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616 Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- TCPDUMP Filter don't work :( counterping (Oct 09)
- Re: TCPDUMP Filter don't work :( Phil Wood (Oct 09)
- Re: TCPDUMP Filter don't work :( Jim Cliver (Oct 09)
- Snort and port lists Sean Wheeler (Oct 09)
- Re: Snort and port lists Martin Roesch (Oct 11)
- <Possible follow-ups>
- RE: TCPDUMP Filter don't work :( Wirth, Jeff (Oct 09)