[Snort-users] Snort still can't do multiple individual ports for a single rule?!

Michael Boman michael at ...3137...
Thu Sep 12 12:27:05 EDT 2002


On Thu, Sep 12, 2002 at 11:46:52AM -0700, Clint Byrum wrote:
> Hi there. I'm trying to figure this one out. Basically, I'm using
> snortcenter (which absolutely ROCKS, THANK YOU to those who wrote it). I
> want to set the $SHELLCODE_PORTS variable to something like this:
> !445,!139,!9100
> 
> so that I don't get so many false positives from Windows file sharing and
> jetdirect (arg!).
> Is there any hope? Or do I have to maintain duplicate copies of all of the
> shellcode rules?
> Thanks very much. :)

Currently Snort doesn't support port lists, only port ranges. I would
guess you need to create some pass rules or something. Anyone else have
a better idea?

Best regards
 Michael Boman

-- 
Michael Boman
Student, Husband, Geek. Not necessarily in that order, though.
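
Added example, not part of the original messages and not Snort or SnortCenter code: because only port ranges are available, the "duplicate copies" approach from the question can be generated by computing the ranges that cover every port except the excluded ones and emitting one rule copy per range. The sample rule, the sid values and the function names are constructed for illustration, and port 0 is assumed to be out of scope.

```python
import re

MAX_PORT = 65535

# Constructed sample rule for illustration (not taken from shellcode.rules).
SAMPLE_RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET $SHELLCODE_PORTS '
               '(msg:"LOCAL example shellcode rule"; content:"|90 90 90 90|"; '
               'sid:1000001; rev:1;)')


def complement_ranges(excluded, low=1, high=MAX_PORT):
    """Return Snort-style 'lo:hi' ranges covering low..high minus excluded."""
    ranges = []
    start = low
    for port in sorted(set(excluded)):
        if not low <= port <= high:
            raise ValueError(f"port out of range: {port}")
        if port > start:
            ranges.append((start, port - 1))
        start = port + 1  # adjacent excluded ports simply advance the start
    if start <= high:
        ranges.append((start, high))
    # A one-port gap is written as a single port, not 'n:n'.
    return [str(a) if a == b else f"{a}:{b}" for a, b in ranges]


def expand_rule(rule, variable, excluded, sid_base):
    """Duplicate rule once per range, replacing $variable and renumbering sid."""
    token = "$" + variable
    if token not in rule:
        raise ValueError(f"{token} not found in rule")
    copies = []
    for offset, port_range in enumerate(complement_ranges(excluded)):
        copy = rule.replace(token, port_range)
        # Each copy needs its own sid so alerts stay distinguishable.
        copy = re.sub(r"sid:\s*\d+;", f"sid:{sid_base + offset};", copy)
        copies.append(copy)
    return copies


if __name__ == "__main__":
    for line in expand_rule(SAMPLE_RULE, "SHELLCODE_PORTS",
                            [445, 139, 9100], 1000001):
        print(line)
```

Unlike a pass rule on those ports, the generated copies leave every other rule that watches 139, 445 and 9100 untouched.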
