[Snort-users] Status update
lenb at ...750...
Sat Nov 18 17:16:28 EST 2000
On Sat, 18 Nov 2000, roesch wrote:
> Hi everyone,
> Sorry for my lack of participation this week, I've been out on the west coast for some meetings.
> I'm in the process of putting up a new set of code into CVS that's got a major new piece: IP lists. That's right, you can finally issue a list of IP addresses in a Snort rule. About damn time, huh? :)
> Anyway, to use it you have to enclose the address list in square brackets and separate the addresses with commas. Note that you can't put spaces between the addresses right now, it confuses the parser. Here's an example of the format:
> If you used it in a var, it'd look like this:
> var FOO [10.1.1.0/24,192.168.1.0/24]
This is great! I am fiddling with it over here and
perhaps it is not yet fully in place, but trying it from a cvs of
perhaps an hour ago, I have the following:
var HOME_NET [192.168.236.160/27,192.168.237.0/24,192.168.236.192/27]
Nov 18 14:02:37 seashell snort: ERROR snort.conf (42) => Rule netmask
(27,192.168.237.0/24,192.168.236.192/27]) didn't x-late, WTF?
More information about the Snort-users