[Snort-users] Snort and port lists
roesch at ...1935...
Fri Oct 11 13:11:03 EDT 2002
On Wednesday, October 9, 2002, at 03:07 PM, Sean Wheeler wrote:
> Elo folks,
> Say does snort 1.9.0 support port lists ?
Nope, that will be implemented when we switch to our new rules parser
in the not-too-distant future. :)
> I am aware of port ranges and individual ports but I am not sure if a
> of ports is supported.
> for exampled I have ssh running on port xx and port xyz
> If this is not yet supported, what workarounds are you using ?
> I was thinking double the rule ..ouch
Yup, doubling the rule works, shouldn't be that much more strain on the
system due to the way the RTNs are processed...
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
More information about the Snort-users