[Snort-users] Ignoring ports
cmg at ...671...
Tue Nov 6 11:45:06 EST 2001
"Joshua Thomas" <thomasj at ...3870...> writes:
> How do I ignore arbirtary ports with out rewriting all the rules?
> For example, kazza runs on port 1214; how can I make all my rules not
> trigger on port 1214 traffic?
pcap filter of 'not tcp and port 1214 '
pass tcp any any <-> any 1214
along with using snort -o
Beware that this will open one for attacks due to clever attackers
using 1214 as a source port for the attack.
Someday, snort might be able to tell what kinda traffic it is and
possibly ignore it based on that.
Chris Green <cmg at ...671...>
"I'm beginning to think that my router may be confused."
More information about the Snort-users