[Snort-sigs] ports

Joe Patterson jpatterson at ...2901...
Wed Jan 5 08:27:46 EST 2005


Messageum, false.  The second variable definition would override the first,
which would leave you with the equivalent of:

alert tcp any 110 -> any any blah blah
which is not what you want.

-Joe
  -----Original Message-----
  From: snort-sigs-admin at lists.sourceforge.net
[mailto:snort-sigs-admin at lists.sourceforge.net]On Behalf Of Esler, Joel -
Contractor
  Sent: Wednesday, January 05, 2005 8:01 AM
  To: snort-sigs at lists.sourceforge.net; snort-users at lists.sourceforge.net
  Subject: RE: [Snort-sigs] ports


  you can't do a list of ports, the best you can do is something like

  ---snort.conf----
  var SPECIFIC_PORT 21
  var SPECIFIC_PORT 110

  then in your rule

  alert tcp any $SPECIFIC_PORT -> any any blah blah.
    -----Original Message-----
    From: snort-sigs-admin at lists.sourceforge.net
[mailto:snort-sigs-admin at lists.sourceforge.net] On Behalf Of reynald
    Sent: Tuesday, January 04, 2005 10:49 PM
    To: snort-sigs at lists.sourceforge.net
    Cc: Reynald Mahinay
    Subject: [Snort-sigs] ports


    Hello,

    How can i define a list of ports? eg. 25,110 doesn't work... Now i know
snort can do
    port ranging, but how about a specific list of ports only.

    please help..thanks


    reynald
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20050105/8294af99/attachment.html>


More information about the Snort-sigs mailing list