[Snort-users] Snort still can't do multiple individual ports for a single rule?!

Wirth, Jeff WirthJe at ...4876...
Thu Sep 12 12:45:03 EDT 2002


From: Clint Byrum [mailto:cbyrum at ...6660...]
> 
> Hi there. I'm trying to figure this one out. Basically, I'm using
> snortcenter(which absolutely ROCKS, THANK YOU to those who 
> wrote it). I
> want to set the $SHELLCODE_PORTS variable to something like this:
> !445,!139,!9100

I believe this should work: 

var SHELLCODE_PORTS !443 !139 !9100

> 
> so that I don't get so many false positives from windows file 
> sharing and
> jetdirect(arg!).
> Is there any hope? Or do I have to maintain duplicate copies 
> of all of the
> shellcode rules?
> Thanks very much. :)
> 

- Jeff




More information about the Snort-users mailing list