[Snort-users] port lists for 1.8

Kristopher Czachor czachor at ...5935...
Thu Jun 27 06:14:01 EDT 2002


Could the addition of the ability to add non-sequenced ports (i.e.
80,81,8080 vs. 80:8080) to a signature be a new feature for 1.9? I know
it would be something that I would use as soon as it was released. Would
this be something that would be difficult to implement? 

Just a thought,
Kris



-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Jeffrey
Taylor
Sent: Wednesday, June 26, 2002 10:45 AM
To: 'snort-users at lists.sourceforge.net'
Subject: Re: [Snort-users] port lists for 1.8

>From the documentation on port numbers, section 2.2.4:



Port numbers may be specified in a number of ways, including "any"
ports, static port definitions, ranges, and by negation. "Any" ports
are a wildcard value, meaning literally any port. Static ports are
indicated by a single port number, such as 111 for portmapper, 23 for
telnet, or 80 for http, etc. Port ranges are indicated with the range
operator ":". The range operator may be applied in a number of ways to
take on different meanings, such as in Figure 2.6.

    log udp any any -> 192.168.1.0/24 1:1024 log udp  

traffic coming from any port and destination ports ranging from 1 to
1024 

HTH,
  Jeffrey

Quoting Ryan Hill <rhill at ...2446...>:
> sorry folks, couldn't find this after a quick search through the docs
- can
> someone tell me what the format is for specifying port listings on
1.8.
> from previous discussions, I seem to recall that 80-443 would work,
but not
> 80,81,82,83,443 - is this the case for 1.8.6?


-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






More information about the Snort-users mailing list