Snort mailing list archives
Problem with rule
From: "james" <the_saint_james () yahoo com>
Date: Wed, 13 Mar 2002 11:18:29 -0700
var RADIUS_EXT [!216.126.128.165,!216.126.128.164,!66.19.192.195,!66.19.192.194,!216.126.13 6.244,\ !216.126.136.243,!216.126.128.11,!216.126.128.10,\ !216.126.128.9,!216.126.128.8,!192.5.41.40,!192.5.41.41,!216.126.128.8,!216. 126.128.9,\ !216.126.128.10,!216.126.128.11,!216.126.128.164,!216.126.128.165,!216.126.1 36.243,!66.19.192.194] alert tcp $RADIUS_EXT any -> $RADIUS 1645:1646 (msg:"Radius External TCP radius traffic not\ in allow table"; flags:A+;) alert udp $RADIUS_EXT any -> $RADIUS 1645:1646 (msg:"Radius External UDP radius traffic not\ in allow table";) I have also tried doing var RADIUS_EXT ![216.126.128.165, ect] This does not seem to work, I am trying to alert on outside radius contacts to our radius servers. Still getting alerts from the IP's in $ RADIUS_EXT. The rule does alert on contacts from radius ports. What am I doing wrong ? _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problem with rule james (Mar 13)
- <Possible follow-ups>
- RE: Problem with rule Wirth, Jeff (Mar 13)