[Snort-sigs] Not-ing out ports

James Lay jlay at ...3266...
Mon May 13 11:23:51 EDT 2013


Good catch...too early, not even coffee ;)

On 2013-05-13 09:06, Jason Wallace wrote:
> On Mon, May 13, 2013 at 10:19 AM, Lay, James 
> <james.lay at ...3513...
> [8]> wrote:
>
>> Guessing you’ll want the !25 on both ends since it’s
>> bidirectional:
>>
>>  
>>
>> alert tcp !25 any <> any !25
>
> Isnt that first !25 in the IP address field? Wouldnt it be...
>
> alert tcp any !25 <> any !25
>
>  
>
>>  
>>
>> James





More information about the Snort-sigs mailing list