[Snort-users] Rule to detect "well-behaved" multicast packets

Jonathan G. Lampe jonathan at ...2170...
Tue Jun 5 17:08:30 EDT 2001

I want to write a pass rule which will ignore certain "well-behaved" UDP
multicast packets on my local network.  (The external router won't let them
out with TTL<32.)  I've gotten this far (I know <32 is illegal!):

pass udp any -> (ttl: <32);

I do not want the full multicast range ( in my
example , but I think the only way to get the full range is to do the
following.  (Someone correct me if I'm wrong...)

Complete SNORT Multicast Range (?),,
