[Snort-sigs] src or dst port

alejandro corletti acorletti at ...12...
Tue Aug 12 08:36:42 EDT 2003


My name is Alejandro Corletti, i am using snort to control GTP tunnel in 
GPRS traffic. I create many local rules with "pass udp determinate_IP_source 
3386 <> any any".  At the bottom of them there is an "alert udp any 3386 <> 
any any (msg: " NEW NETWORK";).   This local.rules control the Roaming 
partner´s traffic over tunnel GTP and if any to prove create a new tunnel in 
udp port 3386, snort to send a log.

My problem is: I want to control the possible connection with an 
determinate_IP_source whith udp "source OR destination" port 3386, without 
to duplicate all rules .

in tcpdump it is "tcpdump -i eth1 host determinate_IP_source and (src port 
3386 or dst port 3386)"

How can i do it in Snnort ?

_________________________________________________________________
Accede al romance onine. Descubre gente que busca a otra gente en MSN Amor & 
Amistad. http://match.msn.es/





More information about the Snort-sigs mailing list