[Snort-users] Snort still can't do multiple individual ports for a single rule?!

Erek Adams erek at ...577...
Thu Sep 12 21:26:22 EDT 2002


On Thu, 12 Sep 2002, Clint Byrum wrote:

> > I believe this should work:
> >
> > var SHELLCODE_PORTS !443 !139 !9100
> >
>
> Thanks Jeff! This seems to have worked.
>
> This seems to be unclear in the documentation that I read.

Actually, No.  This doesn't work.  The parser won't find an error since
technically, there isnt' one.  Compile with --enable-debug, set the levels,
and check the output file.  You should see the rule parsed, but not with all
the variables.

Port lists have been requested more than once....  It's just "not that simple"
to add them in.  :)

And would someone please beat me with a clue-bat if I'm wrong?  ;-)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list