[Snort-users] pb with ports...

phelles phelles at ...1472...
Tue May 20 04:19:05 EDT 2003


hi everyone!!
i was wondering: is it possible to apply a rule except on 2 or 3
different ports? 
it could be something like: 


alert tcp $HOME_NET any -> $EXTERNAL_NET !8080 !5000 (msg:"test";
flow:to_server,established; resp:rst_all; content:"test "; offset:0;
depth:4; classtype:misc-activity; sid:66000; rev:3;)

but it doesn't work. 
Thanks in advance!!







More information about the Snort-users mailing list