[Snort-sigs] Multiple ranges of ports

Bennett Todd bet at ...654...
Thu Aug 15 09:42:04 EDT 2002


2002-08-15-11:42:03 rjohnson at ...759...:
> So something like
> log tcp any !80 !443 <> any any

How about

	log tcp any    :79  <> any any
	log tcp any  81:442 <> any any
	log tcp any 444:    <> any any

> From my understading this feature won't be available until snort 2.0. Any
> workarounds, without having to make rules for countless ports that should
> not be on my net?

A list of N excluded ports (or ranges) is expressable as a list
of N+1 disjoint ranges. If you get enough of these that it gets
tedious, you could whack out a little preprocessor to automate
generating the "long form" from some more convenient compact
representation.

-Bennett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20020815/9b34950b/attachment.sig>


More information about the Snort-sigs mailing list