Snort mailing list archives
Fw: negation symbol
From: "reynald" <rtm () cybees com>
Date: Fri, 10 Dec 2004 10:00:12 +0800
hi, I tried it but i still have the same result. thanks, reynald. ----- Original Message ----- From: Esler, Joel To: 'reynald' Sent: Thursday, December 09, 2004 3:26 PM Subject: RE: [Snort-users] negation symbol Take the brackets off. !xxx.xxx.xxx.xxx/24 (this will block all traffic to yahoo you know that right) -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of reynald Sent: Thursday, December 09, 2004 1:44 AM To: snort-users () lists sourceforge net Cc: Reynald Mahinay Subject: [Snort-users] negation symbol hello, I have this rule that will block all yahoo request coming from our network except for a particular segment. ex: alert tcp ![xxx.xxx.xxx.xxx/24] any -> any any [msg: "yahoo block test"; content: "Yahoo"; nocase; resp: rst_all;) It does block all yahoo request but it also blocks the segment i excluded. Did i missed anything? any help will be appreciated. thanks, reynald
Current thread:
- negation symbol reynald (Dec 08)
- <Possible follow-ups>
- Fw: negation symbol reynald (Dec 09)