[Snort-users] Stoopid port syntax question
erek at ...577...
Wed Jun 26 11:31:02 EDT 2002
On Wed, 26 Jun 2002, Kristopher Czachor wrote:
> I looked at Marty's bible, even read the FAQ. I understand that, in rule
> creation, I can set up a range of ports using the : operator, but how do
> I set up one rule to look for a hand full of widely scattered ports,
> like 21,23,80,443, etc.
Right now, the X:Y is the only way to range ports.
> Is something like that possible? I tried this and snort squeals. IMHO,
> it'd seem like this would help if I have a hand full of web servers all
> running on different ports.
Yes, it is possible... It's a kludge, but it can work. Since the newer rules
use $HTTP_PORTS variable, you simply reset it and re-run the rules for the
It's ugly, but it can and does work...
Hope that helps!
More information about the Snort-users