[Snort-devel] Portlists

snort user snort.user at ...2499...
Thu Oct 30 08:23:02 EDT 2008


What does it mean by a pure not portobject ?


Ref: parser.c (snort 2.8)

    /* check for a pure not rule - fatal if we find one */
    if( PortObjectIsPureNot( portobject ) )
    {
      FatalError("Pure NOT ports are not allowed!\n");
      /*
      if( dst_flag )
        rtn->flags |= EXCEPT_DST_PORT;
      else
        rtn->flags |= EXCEPT_SRC_PORT;
      */
    }


With PortLists, is the function CheckDstPortNotEq used ?
It seems not.


Thanks



On Tue, Oct 28, 2008 at 4:44 PM, Steven Sturges
<steve.sturges at ...402...> wrote:
> Yes, this should be supported...
>
> portvar TEST_PORTS [80,[1,2,3],8000:9000]
> alert tcp any $TEST_PORTS -> any any (msg:"Test ports"; sid:3;)
>
> snort user wrote:
>> Hello,
>>
>> With PORTLISTS (snort 2.8) does it support list of lists of ports/ranges?
>>
>> for e.g. portvar TEST_PORTS [80,[1,2,3],8000:9000]
>>
>> Thanks
>>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>> Build the coolest Linux based applications with Moblin SDK & win great prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>
>




More information about the Snort-devel mailing list