[Snort-sigs] all but one port option?

sam at ...219... sam at ...219...
Mon Feb 9 12:02:09 EST 2004


Actually, I think you could do something like !80, example:

alert tcp any any -> any !80 (msg: "This will trigger on any destination
port except port 80");

You should be able to use the Not (!) operator in the ports as well as ip
addresses...



>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> The answer is probably no, but I will ask anyway.
>
> Is it possible to write a rule that listens in on all but one port?
> Say I wanted to listen to all TCP except port 80.
>
> Thanks,
> Keith
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
>
> iQA/AwUBQCfTkR0WKqFqu6VAEQLIEgCfcEvbf8pJQLAkFtoKEH0mMKk4jgkAnAiv
> zCGc9mlf04ExbLwJu7Dhv+TV
> =TXAc
> -----END PGP SIGNATURE-----
>
>
>
> -------------------------------------------------------
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration
> See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>





More information about the Snort-sigs mailing list