[Snort-users] Rule Creation Question !.

Michael Boman michael at ...3137...
Tue Oct 1 18:29:41 EDT 2002


On Tue, Oct 01, 2002 at 04:39:34PM +0200, Moreno Poli wrote:
> If I have a server with POP3 and SMTP services, is it possible to create a
> rule that logs all incoming traffic except traffic for these 2 ports? I
> know that it is possible to
> create a rule that logs all traffic except 1 port, but if the ports are
> two or three, is it possible?
>  
>  
> Moreno Poli

Yes, use bpf filters:

not port 25 and not port 110


Then you can ask snort to log everything, as it's totally blind about
SMTP and POP3 traffic (never gets them).

'man tcpdump' will tell you how to write bpf filters, and snort manpage
will tell you how to use them.

Best regards
 Michael Boman

-- 
Michael Boman
Student, Husband, Geek. Not necessarily in that order though.
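
An added example, not part of the original message: a POSIX shell helper that builds the same kind of exclusion filter for any number of ports and can limit it to one server address, so that traffic on ports 25 and 110 involving other hosts stays visible to Snort. The function name, the address 192.0.2.10 and the Snort paths in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Build a BPF expression that hides the given ports from Snort.
# Usage: bpf_exclude_ports [-h server_ip] port [port ...]
# Without -h the result is logically the same as the filter in the reply
# above; with -h only packets to or from that server on those ports are
# dropped before Snort sees them.
bpf_exclude_ports() {
    host=""
    if [ "$1" = "-h" ]; then
        [ "$#" -ge 2 ] || { echo "missing address after -h" >&2; return 1; }
        host="$2"
        shift 2
        # Accept only IPv4/IPv6 literal characters so the address cannot
        # smuggle extra filter terms into the expression.
        case "$host" in
            ''|*[!0-9A-Fa-f.:]*) echo "bad address: $host" >&2; return 1 ;;
        esac
    fi
    [ "$#" -ge 1 ] || { echo "need at least one port" >&2; return 1; }

    ports=""
    for p in "$@"; do
        # Decimal port numbers 1..65535 only, no names, no leading zero.
        case "$p" in
            ''|0*|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
        ports="${ports:+$ports or }port $p"
    done

    if [ -n "$host" ]; then
        printf 'not (host %s and (%s))\n' "$host" "$ports"
    else
        printf 'not (%s)\n' "$ports"
    fi
}

# Constructed sample: a mail server at 192.0.2.10 with SMTP and POP3.
bpf_exclude_ports -h 192.0.2.10 25 110

# Typical use (paths are assumptions):
#   filter=$(bpf_exclude_ports -h 192.0.2.10 25 110)
#   tcpdump -d "$filter"      # compiles the filter, catching syntax errors
#   snort -c /etc/snort/snort.conf -l /var/log/snort "$filter"
```

Packets removed by the filter never reach Snort's detection rules either, so the scoped form keeps the excluded traffic as small as possible.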
