Snort mailing list archives

Re: Maybe I'm missing something...

From: Will Metcalf <william.metcalf () gmail com>
Date: Wed, 5 May 2010 22:50:29 -0500

Don't forget the colon...

alert tcp $EXTERNAL_NET 6112 -> $HOME_NET 1024:


According to the example in the snort manual this means any port equal
to or greater than 1024, 43844 > 1024.

 "log tcp any :1024 -> 192.168.1.0/24 500:
  log tcp traffic from privileged ports less than or equal to 1024
going to ports greater than or equal to 500
"
Regards,

Will

------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Current thread:

Maybe I'm missing something... Will Metcalf (May 05)
- Re: Maybe I'm missing something... beenph (May 05)
  - Re: Maybe I'm missing something... Will Metcalf (May 05)
    - Re: Maybe I'm missing something... beenph (May 05)
    - Re: Maybe I'm missing something... Will Metcalf (May 05)
    - Re: Maybe I'm missing something... beenph (May 05)
    - Re: Maybe I'm missing something... Will Metcalf (May 05)