Snort mailing list archives

Re: Stoopid port syntax question


From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 26 Jun 2002 11:30:28 -0700 (PDT)

On Wed, 26 Jun 2002, Kristopher Czachor wrote:

> I looked at Marty's bible, even read the FAQ. I understand that, in rule
> creation, I can set up a range of ports using the : operator, but how do
> I set up one rule to look for a handful of widely scattered ports,
> like 21,23,80,443, etc.

Right now, the X:Y is the only way to range ports.

[...snip...]

> Is something like that possible? I tried this and snort squeals. IMHO,
> it'd seem like this would help if I have a handful of web servers all
> running on different ports.

Yes, it is possible...  It's a kludge, but it can work.  Since the newer rules
use the $HTTP_PORTS variable, you simply reset it and re-run the rules for the
other ports.

It's ugly, but it can and does work...

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
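
The kludge described in the reply above, as an added example that is not part of the original post or of the Snort distribution: a shell function that writes the repeated `var HTTP_PORTS` / `include` stanzas for snort.conf, one pass per port. The rule file names, the use of `$RULE_PATH`, and the sample ports are assumptions; substitute the files and ports of the local installation.

```shell
#!/bin/sh
# Added example: emit a snort.conf fragment that re-includes the web rule
# files once per port, resetting HTTP_PORTS before each pass.
# Assumptions: the rule file names and $RULE_PATH match the local rule set;
# the port list at the bottom is constructed sample data.

WEB_RULES="web-cgi.rules web-iis.rules web-misc.rules"

# is_port VALUE: succeed only for a decimal integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_http_port_passes PORT...: print one "var + includes" stanza per port.
# All ports are validated first so a bad value never yields a partial config.
gen_http_port_passes() {
    for port in "$@"; do
        if ! is_port "$port"; then
            echo "invalid port: $port" >&2
            return 1
        fi
    done
    for port in "$@"; do
        echo "# pass for HTTP servers on port $port"
        echo "var HTTP_PORTS $port"
        for f in $WEB_RULES; do
            # \$ keeps $RULE_PATH literal so Snort expands it, not the shell
            echo "include \$RULE_PATH/$f"
        done
        echo
    done
}

# Constructed sample: web servers on three scattered ports
gen_http_port_passes 80 8080 8888
```

Each pass loads another copy of every rule in the listed files, so keep the file list to rule files that actually reference `$HTTP_PORTS`.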


