[Snort-sigs] all but one port option?
mkettler at ...189...
Mon Feb 9 14:10:15 EST 2004
At 03:01 PM 2/9/2004, sam at ...219... wrote:
>You should be able to use the Not (!) operator in the ports as well as ip
Yep.. you can do a port, a range of ports, or a negation of either a single
port or a range.
The only thing you specifically can't do for ports which you can do for IP
addresses is have comma delimited lists of ports.
ie: you can't do things like this:
any any -> any [80,8080]
but port specs like these are legal:
any any -> any 80 #only port 80
any any -> any !80 # anything but port 80
any any -> any 20:80 #anything from 20 to 80, inclusive
any any -> any !20:80 #anything other than 20 to 80, inclusive.
More information about the Snort-sigs