[Snort-users] Negating ports

shawn . moyer shawn at ...1184...
Wed Jan 31 00:13:35 EST 2001


Neither.

pass tcp any any <> $HOME_NET 135:139
pass udp any any <> $HOME_NET 135:139

Then make sure you start snort with the '-o' option.

But I would suggest that you are better off editing the rules file and
either deleting or negating (changing to pass) the specific rule you
want to disable.


"Deterding, Brent D." wrote:
> 
> Heya,
>         Which of these rules would NOT look at tcp port 135-139?
> 
> alert tcp any !135:139
> 
> OR
> 
> alert tcp any !135:136:137:138:139
> 
> thanks!



--shawn

-- 
s h a w n   m o y e r
shawn at ...1184...
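
Added example, not part of the original message: a simplified Python model of why the pass rules in the reply need '-o'. It assumes Snort's default action order of Alert -> Pass -> Log, which '-o' changes to Pass -> Alert -> Log; the HOME_NET value, the catch-all alert rule and the sample packets are constructed for illustration.

```python
import ipaddress

HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # constructed value for $HOME_NET

# The two pass rules from the reply, plus a hypothetical catch-all alert rule.
RULES = """\
alert tcp any any -> $HOME_NET any
pass tcp any any <> $HOME_NET 135:139
pass udp any any <> $HOME_NET 135:139
"""

def parse(line):
    keys = ("action", "proto", "src", "sport", "direction", "dst", "dport")
    return dict(zip(keys, line.split()))

def addr_ok(spec, addr):
    return spec == "any" or (spec == "$HOME_NET" and ipaddress.ip_address(addr) in HOME_NET)

def port_ok(spec, port):
    if spec == "any":
        return True
    lo, _, hi = spec.partition(":")          # "135:139" or a single port
    return int(lo) <= port <= int(hi or lo)

def matches(rule, pkt):
    def one_way(s, sp, d, dp):
        return (addr_ok(rule["src"], s) and port_ok(rule["sport"], sp)
                and addr_ok(rule["dst"], d) and port_ok(rule["dport"], dp))
    if rule["proto"] != pkt["proto"]:
        return False
    fwd = one_way(pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    rev = one_way(pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
    return fwd or (rule["direction"] == "<>" and rev)   # <> matches both directions

def verdict(pkt, rules, dash_o=False):
    """Action of the first matching rule; action groups are tried in order."""
    order = ["pass", "alert", "log"] if dash_o else ["alert", "pass", "log"]
    for action in order:
        for rule in rules:
            if rule["action"] == action and matches(rule, pkt):
                return action
    return None

rules = [parse(line) for line in RULES.splitlines()]
# Constructed packets: inbound NetBIOS session, its reply, and inbound HTTP.
smb = dict(proto="tcp", src="203.0.113.5", sport=40000, dst="192.168.1.10", dport=139)
smb_reply = dict(proto="tcp", src="192.168.1.10", sport=139, dst="203.0.113.5", dport=40000)
web = dict(proto="tcp", src="203.0.113.5", sport=40000, dst="192.168.1.10", dport=80)

if __name__ == "__main__":
    for name, pkt in (("smb", smb), ("smb_reply", smb_reply), ("web", web)):
        print(name, verdict(pkt, rules), verdict(pkt, rules, dash_o=True))
```

Without '-o' the inbound port 139 packet still hits the alert rule first; with '-o' the pass rule wins, while traffic to other ports keeps alerting.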



