Snort mailing list archives
RE: Snort still can't do multiple individual ports for a single rule?!
From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 12 Sep 2002 14:38:58 -0700 (PDT)
On Thu, 12 Sep 2002, Clint Byrum wrote:
I believe this should work: var SHELLCODE_PORTS !443 !139 !9100Thanks Jeff! This seems to have worked. This seems to be unclear in the documentation that I read.
Actually, No. This doesn't work. The parser won't find an error since technically, there isnt' one. Compile with --enable-debug, set the levels, and check the output file. You should see the rule parsed, but not with all the variables. Port lists have been requested more than once.... It's just "not that simple" to add them in. :) And would someone please beat me with a clue-bat if I'm wrong? ;-) ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Snort still can't do multiple individual ports for a single rule?! Wirth, Jeff (Sep 12)
- RE: Snort still can't do multiple individual ports for a single rule?! Clint Byrum (Sep 12)
- RE: Snort still can't do multiple individual ports for a single rule?! Erek Adams (Sep 12)
- RE: Snort still can't do multiple individual ports for a single rule?! Clint Byrum (Sep 12)