[Snort-sigs] A question about Snort
Maria Teresa Herrera Hueso
mtherhue at ...1601...
Thu Jun 12 10:42:23 EDT 2003
we have installed Snort 2.0. We would like to make our own alerts for Snort.
We would like to modify this alert:
alert tcp $HOME_NET any -> $EXTERNAL_NET !80 (msg:"P2P GNUTella GET";
flow:to_server,established; content:"GET "; offset:0; depth:4;
classtype:policy-violation; sid:1432; rev:4;)
to specify ! 80 and ! 8080, I mean, there were no alerts these ports( 80
and 8080) , but we do not know how to write it. How could we do it?
Could you to send us a manual about this, please?
Thank you very much.
Maite and Javi
More information about the Snort-sigs