Snort mailing list archives

RE: [Snort-sigs] ports

From: "Joe Patterson" <jpatterson () asgardgroup com>
Date: Wed, 5 Jan 2005 11:23:23 -0500

Messageum, false.  The second variable definition would override the first,
which would leave you with the equivalent of:

alert tcp any 110 -> any any blah blah
which is not what you want.

-Joe
  -----Original Message-----
  From: snort-sigs-admin () lists sourceforge net
[mailto:snort-sigs-admin () lists sourceforge net]On Behalf Of Esler, Joel -
Contractor
  Sent: Wednesday, January 05, 2005 8:01 AM
  To: snort-sigs () lists sourceforge net; snort-users () lists sourceforge net
  Subject: RE: [Snort-sigs] ports


  you can't do a list of ports, the best you can do is something like

  ---snort.conf----
  var SPECIFIC_PORT 21
  var SPECIFIC_PORT 110

  then in your rule

  alert tcp any $SPECIFIC_PORT -> any any blah blah.
    -----Original Message-----
    From: snort-sigs-admin () lists sourceforge net
[mailto:snort-sigs-admin () lists sourceforge net] On Behalf Of reynald
    Sent: Tuesday, January 04, 2005 10:49 PM
    To: snort-sigs () lists sourceforge net
    Cc: Reynald Mahinay
    Subject: [Snort-sigs] ports


    Hello,

    How can i define a list of ports? eg. 25,110 doesn't work... Now i know
snort can do
    port ranging, but how about a specific list of ports only.

    please help..thanks


    reynald

Current thread:

RE: [Snort-sigs] ports Esler, Joel - Contractor (Jan 05)
- RE: [Snort-sigs] ports Joe Patterson (Jan 05)
  - Re: RE: [Snort-sigs] ports Jason (Jan 05)
    - RE: RE: [Snort-sigs] ports Joe Patterson (Jan 05)
    - Re: RE: [Snort-sigs] ports Jason (Jan 05)
    - RE: RE: [Snort-sigs] ports Joe Patterson (Jan 05)
    - Re: RE: [Snort-sigs] ports Jason (Jan 05)
    - SFS 1.0.2 released Ophir Rachman (Jan 05)
- <Possible follow-ups>
- RE: RE: [Snort-sigs] ports Esler, Joel - Contractor (Jan 05)