[Snort-users] How can write rule with a range IP?

Joel Esler joel.esler at ...1935...
Sun Jan 27 09:18:28 EST 2008


Either separate the multiple IPs that are in "[ ]" brackets with
commas, or if all your IPs are consecutive, you may use CIDR notation.

J

On Jan 27, 2008, at 3:15 AM, bahamin takhtaei wrote:

> Hi,
> Please tell me how I can write a rule in Snort with an IP range, e.g.
> alert icmp [10.0.0.21 : 151.43.23.76 , 12.5.6.7] any -> any (sid: 2000000;)
>
> I checked this rule and found that Snort only checks the first
> boundary of the range (10.0.0.21) in packets!
>
> Thanks

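Added example, not part of the original thread: following the reply's advice, an arbitrary start-to-end range can be rewritten as the exact set of CIDR blocks that covers it and then joined with commas inside the brackets. The function names `range_to_cidrs` and `snort_ip_list` are hypothetical; the endpoints printed at the bottom are the ones from the question's rule.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Return the minimal CIDR blocks covering first..last inclusive."""
    lo = ipaddress.ip_address(first)
    hi = ipaddress.ip_address(last)
    if lo.version != hi.version:
        raise ValueError("range endpoints must use the same IP version")
    if lo > hi:
        raise ValueError("range start is above range end")
    return list(ipaddress.summarize_address_range(lo, hi))


def snort_ip_list(items):
    """Build a bracketed, comma-separated address list.

    items may mix single IPs or CIDRs (strings) and (first, last) tuples.
    """
    nets = []
    for item in items:
        if isinstance(item, tuple):
            nets.extend(range_to_cidrs(*item))
        else:
            # strict=True rejects typos such as 10.0.0.21/24 (host bits set)
            nets.append(ipaddress.ip_network(item, strict=True))
    # Merge overlapping or adjacent blocks so the list stays short.
    merged = ipaddress.collapse_addresses(nets)
    rendered = [
        str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n)
        for n in merged
    ]
    return "[" + ",".join(rendered) + "]"


if __name__ == "__main__":
    # The range and the extra host from the question's rule.
    print(snort_ip_list([("10.0.0.21", "151.43.23.76"), "12.5.6.7"]))
```

A range whose endpoints are not aligned on power-of-two boundaries expands into many blocks, so it is worth checking whether the intended set is really a few whole subnets before pasting the result into a rule.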