[Snort-sigs] Fw: [Snort-users] negation symbol

reynald rtm at ...2840...
Thu Dec 9 17:55:07 EST 2004


I tried it but i still have the same result.


----- Original Message ----- 
From: Esler, Joel 
To: 'reynald' 
Sent: Thursday, December 09, 2004 3:26 PM
Subject: RE: [Snort-users] negation symbol

Take the brackets off.  !xxx.xxx.xxx.xxx/24 (this will block all traffic to yahoo you know that right)

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at ...2926...ts.sourceforge.net] On Behalf Of reynald
Sent: Thursday, December 09, 2004 1:44 AM
To: snort-users at lists.sourceforge.net
Cc: Reynald Mahinay
Subject: [Snort-users] negation symbol


I have this rule that will block all yahoo request coming from our network except for a particular segment. 


alert tcp ![xxx.xxx.xxx.xxx/24] any -> any any [msg: "yahoo block test"; content: "Yahoo"; nocase; resp: rst_all;)

It does block all yahoo request but it also blocks the segment i excluded. 

Did i missed anything?

any help will be appreciated.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20041209/1f7b5e99/attachment.html>

More information about the Snort-sigs mailing list