Snort mailing list archives
Re: Rule header variables
From: Erick Mechler <emechler () techometer net>
Date: Wed, 22 Jan 2003 16:19:57 -0800
:: Can a rule header specify all traffic except a few subnets or hosts? In this
:: example can the source have variables to exclude a few subnets or hosts?
::
:: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"GAMBLING GAMES";content:"GAMBLING"; nocase; flow:to_client,established; sid:20000; rev:1000;)

Sure it can. Check the Snort Users Manual on how to do exactly this.
Current thread:
- Rule header variables Jim Schwin (Jan 22)
- Re: Rule header variables Erick Mechler (Jan 22)
- <Possible follow-ups>
- Re: Rule header variables Matt Kettler (Jan 22)
- Re: Rule header variables Erick Mechler (Jan 22)
- Re: Rule header variables Matt Kettler (Jan 22)
- HTML E-Mail Rule Mike Koponick (Jan 22)
- Re: HTML E-Mail Rule Matt Kettler (Jan 22)
- RE: HTML E-Mail Rule Gordon Cunningham (Jan 22)
- Re: Rule header variables Erick Mechler (Jan 22)