[Snort-users] Snort still can't do multiple individual ports for a single rule?!

Clint Byrum cbyrum at ...6660...
Thu Sep 12 11:48:03 EDT 2002


Hi there. I'm trying to figure this one out. Basically, I'm using
snortcenter(which absolutely ROCKS, THANK YOU to those who wrote it). I
want to set the $SHELLCODE_PORTS variable to something like this:
!445,!139,!9100

so that I don't get so many false positives from windows file sharing and
jetdirect(arg!).
Is there any hope? Or do I have to maintain duplicate copies of all of the
shellcode rules?
Thanks very much. :)






More information about the Snort-users mailing list