Snort mailing list archives
Re: Some broken rules in 1.8-beta7 Build 36
From: Brian Caswell <bmc () mitre org>
Date: Mon, 02 Jul 2001 19:13:17 -0400
Phil Wood wrote:
According to www.whitehats.com: IDS253 and IDS252 specify (port >= 1024) -> (port any). In snort rule speak, the source port would be represented by: 1024:, not :1024 (<=1024)
You are correct. Not only should these rules be "1024:" instead of ":1024", they should be any rules.

--
Brian Caswell
The MITRE Corporation
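The range notation discussed in this thread, as an added example that is not part of the original messages or of Snort's code: a small parser for the port field of a rule header (`any`, `N`, `N:M`, `N:`, `:M`, optional leading `!`) that shows which source ports `:1024` and `1024:` actually match. The two rule headers are constructed for illustration and are not the IDS252/IDS253 rules themselves.

```python
# Added example: semantics of the port field in a Snort rule header.

def parse_port_spec(spec):
    """Return (low, high, negated) for a Snort port field."""
    negated = spec.startswith("!")
    body = spec[1:] if negated else spec
    if body == "any":
        if negated:
            raise ValueError("'!any' is not a valid port field")
        return 0, 65535, False
    if ":" in body:
        lo_s, hi_s = body.split(":", 1)
        low = int(lo_s) if lo_s else 0        # ":1024" -> ports <= 1024
        high = int(hi_s) if hi_s else 65535   # "1024:" -> ports >= 1024
    else:
        low = high = int(body)                # single port
    if not (0 <= low <= high <= 65535):
        raise ValueError(f"bad port range: {spec!r}")
    return low, high, negated


def port_matches(spec, port):
    """True if `port` is selected by the port field `spec`."""
    low, high, negated = parse_port_spec(spec)
    return (low <= port <= high) != negated


def source_port_spec(rule):
    """Header layout: action proto src_ip src_port direction dst_ip dst_port."""
    header = rule.split("(", 1)[0].split()
    if len(header) != 7:
        raise ValueError("unexpected rule header: %r" % rule)
    return header[3]


# Constructed rule headers (illustrative only).
BROKEN = 'alert udp $EXTERNAL_NET :1024 -> $HOME_NET any (msg:"constructed";)'
FIXED = 'alert udp $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"constructed";)'


def check(rule, ports=(53, 1023, 1024, 40000)):
    """Map each sample source port to whether the rule header selects it."""
    spec = source_port_spec(rule)
    return {p: port_matches(spec, p) for p in ports}


if __name__ == "__main__":
    for rule in (BROKEN, FIXED):
        print(source_port_spec(rule), check(rule))
```

With `:1024` the rule fires only on low source ports and never sees traffic from ports above 1024, which is the inverse of what the signature description asks for.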