[Snort-users] "All except" rules
jcorgan at ...1638...
Thu Mar 22 10:54:03 EST 2001
Being new user to snort, I'm not quite up to speed on the rules language.
However, I don't see how to program a rule that would trigger on "all
destination ports except these specified well known ports".
I'd like to log all tcp SYN attempts to any port that aren't in a well known
list such as pop3, www, ftp, smtp, etc.
Am I really, really missing something simple? Appropriate embarassment will
follow if I am.
More information about the Snort-users