[Snort-sigs] Fw: [Snort-users] negation symbol

reynald rtm at ...2840...
Thu Dec 9 17:55:07 EST 2004


hi,

I tried it but i still have the same result.

thanks,
reynald.

----- Original Message ----- 
From: Esler, Joel 
To: 'reynald' 
Sent: Thursday, December 09, 2004 3:26 PM
Subject: RE: [Snort-users] negation symbol


Take the brackets off.  !xxx.xxx.xxx.xxx/24 (this will block all traffic to yahoo you know that right)



-----Original Message-----
From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at ...2926...ts.sourceforge.net] On Behalf Of reynald
Sent: Thursday, December 09, 2004 1:44 AM
To: snort-users at lists.sourceforge.net
Cc: Reynald Mahinay
Subject: [Snort-users] negation symbol



hello,



I have this rule that will block all yahoo request coming from our network except for a particular segment. 



ex:

alert tcp ![xxx.xxx.xxx.xxx/24] any -> any any [msg: "yahoo block test"; content: "Yahoo"; nocase; resp: rst_all;)



It does block all yahoo request but it also blocks the segment i excluded. 



Did i missed anything?



any help will be appreciated.



thanks,

reynald


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20041209/1f7b5e99/attachment.html>


More information about the Snort-sigs mailing list