Snort mailing list archives

Re: Snort and port lists

From: Martin Roesch <roesch () sourcefire com>
Date: Fri, 11 Oct 2002 16:09:19 -0400


On Wednesday, October 9, 2002, at 03:07 PM, Sean Wheeler wrote:

Elo folks,

Say does snort 1.9.0 support port lists ?

Nope, that will be implemented when we switch to our new rules parserin the not-too-distant future. :)

I am aware of port ranges and individual ports but I am not sure if alist

of ports is supported.

for exampled I have ssh running on port xx and port xyz

If this is not yet supported, what workarounds are you using ?
I was thinking double the rule ..ouch

Yup, doubling the rule works, shouldn't be that much more strain on thesystem due to the way the RTNs are processed...


     -Marty

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

TCPDUMP Filter don't work :( counterping (Oct 09)
- Re: TCPDUMP Filter don't work :( Phil Wood (Oct 09)
- Re: TCPDUMP Filter don't work :( Jim Cliver (Oct 09)
- Snort and port lists Sean Wheeler (Oct 09)
  - Re: Snort and port lists Martin Roesch (Oct 11)
- <Possible follow-ups>
- RE: TCPDUMP Filter don't work :( Wirth, Jeff (Oct 09)