Snort mailing list archives
Re: Network Variables
From: "Seth Dunn" <seth () d2ms com>
Date: Thu, 2 May 2013 13:39:09 -0400
Ok, I will give that a shot. -----Original Message----- From: James Lay [mailto:jlay () slave-tothe-box net] Sent: Thursday, May 02, 2013 1:36 PM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] Network Variables Parenthesis will help: "not (net 10.10.0.0/24 && dst host 10.75.45.1 && dst port 80) or (not net 10.30.0.0/24 && dst host 10.75.45.1 && dst port 80)" James On 2013-05-02 11:23, Seth Dunn wrote:
So now my question comes, since you were wondering about the rule I was using. This is my rule:: not net 10.10.0.0/24 and dst host 10.75.45.1 && dst port 80 or not net 10.30.0.0/24 and dst host 10.75.45.1 && dst port 80 By my understanding, and my desire to see happen is this. Traffic from the network 10.10.0.0/24 going to http at 10.75.45.1 should be ignored. Also, traffic from the network 10.30.0.0/24 going to http at 10.75.45.1 should be ignored. All other traffic is still monitored. Is this correct, base on the rule above, or should it be worded another way?
------------------------------------------------------------------------ ------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------------------------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Network Variables, (continued)
- Re: Network Variables Seth Dunn (May 02)
- Re: Network Variables Seth Dunn (May 02)
- Re: Network Variables James Lay (May 02)
- Re: Network Variables Seth Dunn (May 02)
- Re: Network Variables Castle, Shane (May 02)
- Re: Network Variables seth (May 02)
- Re: Network Variables Seth Dunn (May 02)
- Re: Network Variables Seth Dunn (May 02)
- Re: Network Variables beenph (May 02)
- Re: Network Variables James Lay (May 02)
- Re: Network Variables Seth Dunn (May 02)
- Re: Network Variables Seth Dunn (May 02)
- Re: Network Variables waldo kitty (May 02)
- Re: Network Variables James Lay (May 02)
- Re: Network Variables waldo kitty (May 02)
- Message not available
- Re: Network Variables Seth Dunn (May 02)
- Re: Network Variables waldo kitty (May 02)
- Re: Network Variables Seth Dunn (May 02)
- Re: Network Variables Seth Dunn (May 02)
- Re: Network Variables James Lay (May 02)
- Re: Network Variables Russ Combs (May 02)