[Snort-sigs] Multiple ranges of ports
erek at ...101...
Thu Aug 15 15:43:01 EDT 2002
On Thu, 15 Aug 2002 rjohnson at ...759... wrote:
> I would like to write a rule to detect traffic that should not be on my
> network, however my range is not contiguous.
> So something like
> log tcp any !80 !443 <> any any
> From my understanding this feature won't be available until snort 2.0. Any
> workarounds, without having to make rules for countless ports that should
> not be on my net?
Well... Here's a snippet from the ChangeLog from 1.9 CVS.
    2002-08-13 Chris Green <cmg at ...435...>
        new option alert_odd_protocols
        set allowed_ip_protocols to the numbers you like and it will alert
        on all bad protocols
Sounds like that would be close to what you want.