[Snort-users] multiple port variable fun

Ryan Hudson ryan at ...14163...
Tue Jul 3 17:33:40 EDT 2007


Do you mean put that in snort.conf?  Because when i tried that it just
thought you were reading the same rules files multiple times and failed as
the same pid's were being used multiple times. And the http_ports variable
was over-written 3 times.

-----Original Message-----
From: Leon Ward [mailto:seclists at ...14165...] 
Sent: Wednesday, 4 July 2007 3:27 AM
To: ryan at ...14163...
Subject: Re: [Snort-users] multiple port variable fun

Hi

var HTTP_PORTS 80
include http.rules
var HTTP_PORTS 8082
include http.rules
var HTTP_PORTS 3001


include http.rules

On 3 Jul 2007, at 05:57, ryan at ...14163... wrote:

> Hey all,
>
> My network has http traffic on multiple ports, what is the best way to
> setup a http_port variable so all relevant rules alerts on multiple
> ports.  I need to setup the equvilant of:
>
> var http_ports 80,8082,3001
>
> I know snort does not allow a comma seperated value for ports, just
> wondering if there is a way to have a port variable that is not a
> range etc.
>
> Cheers
> Ryan
>
>
>
> ---------------------------------------------------------------------- 
> ---
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users






More information about the Snort-users mailing list