[Snort-users] How to use CIDR masks

Jack Pepper pepperjack at ...14319...
Tue Aug 12 09:09:26 EDT 2008

Quoting Salvo Danilo Giuffrida <salvodanilogiuffrida at ...11827...>:

> Hello, if in a Snort rule I write an address like this:
> Is it the same as
> or is it regarded as a single IP address?
> Thanks

The one with the last octet zeroed out ( ) is  
syntactically correct.  the other one is incorrect and should not be  
used.  Depending on the exact version of snort you are using, the  
incorrect syntax may or may not work as intended.



Framework?  I don't need no stinking framework!

@fferent Security Labs:  Isolate/Insulate/Innovate  

More information about the Snort-users mailing list