[Snort-devel] Portvar details question.
snort.user at ...2499...
Sun Sep 7 13:06:53 EDT 2008
I have a question on portvar feature of snort 2.8 --
Consider the following rule -
var HTTP_PORTS 8000:9000
alert tcp any any -> any $HTTP_PORTS ( msg:"Example"; content:"GET";
Before portvar, this rule would be placed in the generic group since
the source port was ANY and the dest ports was a range.
With portvar, is that still the case?
What if the ports was declared as [80,3128,8080]? Is it placed in the
Thanks for the reply. I will be looking at the code, but would
appreciate your reply.
More information about the Snort-devel