RE: Variables and Negation

["L. Christopher Luther" <CLuther () Xybernaut com>]

Try and reverse the order in which you list the two networks in the var
HTTP_SERVERS definition.  I believe Snort builds/checks the rules in the
order in which the networks are listed.  Therefore, you will get a hit on
the $HOME_NET before the negation occurs.  I think...  

HTH
- Christopher

-----Original Message-----
From: Jason Luke [mailto:jluke () truarx com]
Sent: Monday, March 17, 2003 2:48 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Variables and Negation


I cannot seem to get it right and didn't find a definitive answer on the
list.
I have a variable $HOME_NET 192.168.0.0/16
I want to set $HTTP_SERVERS to $HOME_NET except for 192.168.2.2, my  proxy.
Can I do:
$HTTP_SERVERS [$HOME_NET, !192.168.2.2/32] ??

Is there a better way to exclude only one IP?


-- 

Jason


-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open! 
Get cracking and register here for some mind boggling fun and 
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users