[Snort-sigs] Rule with two ports
bmc at ...95...
Fri Mar 1 10:43:14 EST 2002
According to Suzanne.VanPatten at ...394...:
> I'm trying to write a snort rule that allows me to alert on all traffic of a
> type that is not to two distinct ports...tried !porta!portb and all
> combinations I could think of (including creating a variable, i.e. PORTTEST
> [1,3]. Is there a way to do this??
Only if the ports are sequential.
For example : alert udp any any -> any any 161:162 (msg:"snmp";)
The plague, dirt, lack of running water, illiteracy, ignorance, and
oppressive political and social systems are what made the dark ages what
More information about the Snort-sigs