[Snort-users] newbie-writing rules help

charella constansia sharella at ...131...
Mon Jul 22 13:39:04 EDT 2002


hai,

I hav a question! I'm a newbie so maybe this sounds
like a stupid question to you but please help me.

I want to write some rules. 
I problem is that I have a server and only certain
activities are allowed.

For example only traffic from the outside going to
port :80,23,8000,8001,8002 and a few more are allowed.
How must I define this;
I thought of:
alert tcp any anu -> any 1[80,23,8000,8001,8002]
(msg:"Er";)
Is this good. I looked in the Snort users manual but I
couldn't find the answer.

Thanks, I hope that somebody can help me.

sharella at ...131...

__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com




More information about the Snort-users mailing list