[Snort-users] Stoopid port syntax question

Kristopher Czachor czachor at ...5935...
Wed Jun 26 08:59:02 EDT 2002

Hey all,


I looked at Marty's bible, even read the FAQ. I understand that, in rule
creation, I can set up a range of ports using the : operator, but how do
I set up one rule to look for a hand full of widely scattered ports,
like 21,23,80,443, etc.


Here's an example which might better help explain:

alert tcp any -> 21,23,80 (content <blah blah


Is something like that possible? I tried this and snort squeals. IMHO,
it'd seem like this would help if I have a hand full of web servers all
running on different ports. 


As always, thanks in advance.





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020626/8e806712/attachment.html>

More information about the Snort-users mailing list