[Snort-users] non-CIDR address masking in rules?

Glenn Forbes Fleming Larratt glratt at ...604...
Mon Nov 5 15:00:01 EST 2001

Is there a way to use address/mask pairs explicitly in a rule, rather than
CIDR notation? Particularly, does snort have the capability to understand
address/mask pairs that *don't* simplify to CIDR notation, eg: => or

or => anything in with a last
					octet > 239



				Glenn Forbes Fleming Larratt
				Rice University Network Management
				glratt at ...604...

More information about the Snort-users mailing list