Fw: negation symbol

["reynald" <rtm () cybees com>]

hi,

I tried it but i still have the same result.

thanks,
reynald.

----- Original Message ----- 
From: Esler, Joel 
To: 'reynald' 
Sent: Thursday, December 09, 2004 3:26 PM
Subject: RE: [Snort-users] negation symbol


Take the brackets off.  !xxx.xxx.xxx.xxx/24 (this will block all traffic to yahoo you know that right)



-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of 
reynald
Sent: Thursday, December 09, 2004 1:44 AM
To: snort-users () lists sourceforge net
Cc: Reynald Mahinay
Subject: [Snort-users] negation symbol



hello,



I have this rule that will block all yahoo request coming from our network except for a particular segment. 



ex:

alert tcp ![xxx.xxx.xxx.xxx/24] any -> any any [msg: "yahoo block test"; content: "Yahoo"; nocase; resp: rst_all;)



It does block all yahoo request but it also blocks the segment i excluded. 



Did i missed anything?



any help will be appreciated.



thanks,

reynald