[Snort-users] Snort and port lists

Martin Roesch roesch at ...1935...
Fri Oct 11 13:11:03 EDT 2002


On Wednesday, October 9, 2002, at 03:07 PM, Sean Wheeler wrote:

> Elo folks,
>
> Say does snort 1.9.0 support port lists ?

Nope, that will be implemented when we switch to our new rules parser 
in the not-too-distant future.  :)

> I am aware of port ranges and individual ports but I am not sure if a 
> list
> of ports is supported.
>
> for exampled I have ssh running on port xx and port xyz
>
> If this is not yet supported, what workarounds are you using ?
> I was thinking double the rule ..ouch

Yup, doubling the rule works, shouldn't be that much more strain on the 
system due to the way the RTNs are processed...

      -Marty

-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org





More information about the Snort-users mailing list