Snort mailing list archives

newbie-writing rules help

From: charella constansia <sharella () yahoo com>
Date: Mon, 22 Jul 2002 13:38:17 -0700 (PDT)

hai,

I hav a question! I'm a newbie so maybe this sounds
like a stupid question to you but please help me.

I want to write some rules. 
I problem is that I have a server and only certain
activities are allowed.

For example only traffic from the outside going to
port :80,23,8000,8001,8002 and a few more are allowed.
How must I define this;
I thought of:
alert tcp any anu -> any 1[80,23,8000,8001,8002]
(msg:"Er";)
Is this good. I looked in the Snort users manual but I
couldn't find the answer.

Thanks, I hope that somebody can help me.

sharella () yahoo com

__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

RE: newbie-writing rules help McCammon, Keith (Jul 22)
- <Possible follow-ups>
- newbie-writing rules help charella constansia (Jul 22)
  - Re: newbie-writing rules help Erek Adams (Jul 22)
  - Re: newbie-writing rules help Matt Kettler (Jul 22)