[Snort-sigs] A question about Snort

Maria Teresa Herrera Hueso mtherhue at ...1601...
Thu Jun 12 10:42:23 EDT 2003


we have installed Snort 2.0. We would like to make our own alerts for Snort.

We would like to modify this alert:

alert tcp $HOME_NET any -> $EXTERNAL_NET !80 (msg:"P2P GNUTella GET"; 
flow:to_server,established; content:"GET "; offset:0; depth:4; 
classtype:policy-violation; sid:1432; rev:4;)

to specify ! 80 and ! 8080, I mean, there were no alerts these ports( 80 
and 8080) , but we do not know how to write it. How could we do it? 
Could you to send us a manual  about this, please?

Thank you very much.

Maite and Javi

More information about the Snort-sigs mailing list