[Snort-sigs] What are the alert message capabilities

Sewell, Michael K sewe3547 at ...1239...
Tue Jan 28 18:01:04 EST 2003


I'm assuming that I'm just wishing for too much here, but is it possible to
match on a range (ports, address list, etc.) or wildcard and take the
specific criteria in the matching packet and use it as part of the actual
alert message? Example: match on a range of ports, say 1:50, and a packet
comes along on port 21, which the alert message then indicates in its
output.



