Snort mailing list archives
Re: P2P GNUTella GET
From: Erek Adams <erek () snort org>
Date: Sat, 8 Mar 2003 10:20:03 -0500 (EST)
On Sat, 8 Mar 2003, [iso-8859-1] Always Bishan wrote: [...snip...]
i want to exclude 8080 port number along with 80 as mentioned in the alert above how do i tell the rule to ignore port 8080 along with 80?
Use BPF filters or a pass rule. The information on how to do that is in the docs [0]. Please have a read. You'd be surprised at the amount of your questions that are answered in them. And the ones that aren't... Who knows, you may even find the answer in the FAQ [1]. ;-) Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson [0] http://www.snort.org/docs/writing_rules/ [1] http://www.snort.org/docs/faq.html ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- P2P GNUTella GET Always Bishan (Mar 08)
- Re: P2P GNUTella GET Erek Adams (Mar 08)
- Re: P2P GNUTella GET Kenneth G. Arnold (Mar 08)
- RE: P2P GNUTella GET Dave Thornburgh (Mar 10)
- RE: P2P GNUTella GET Erek Adams (Mar 10)
- RE: P2P GNUTella GET Always Bishan (Mar 10)