Snort mailing list archives
Re: multiple port variable fun
From: "Ryan Hudson" <ryan () mydingo net au>
Date: Wed, 4 Jul 2007 07:33:40 +1000
Do you mean put that in snort.conf? Because when i tried that it just thought you were reading the same rules files multiple times and failed as the same pid's were being used multiple times. And the http_ports variable was over-written 3 times. -----Original Message----- From: Leon Ward [mailto:seclists () rm-rf co uk] Sent: Wednesday, 4 July 2007 3:27 AM To: ryan () mydingo net au Subject: Re: [Snort-users] multiple port variable fun Hi var HTTP_PORTS 80 include http.rules var HTTP_PORTS 8082 include http.rules var HTTP_PORTS 3001 include http.rules On 3 Jul 2007, at 05:57, ryan () mydingo net au wrote:
Hey all, My network has http traffic on multiple ports, what is the best way to setup a http_port variable so all relevant rules alerts on multiple ports. I need to setup the equvilant of: var http_ports 80,8082,3001 I know snort does not allow a comma seperated value for ports, just wondering if there is a way to have a port variable that is not a range etc. Cheers Ryan ---------------------------------------------------------------------- --- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- multiple port variable fun ryan (Jul 02)
- Message not available
- Re: multiple port variable fun Ryan Hudson (Jul 03)
- Re: multiple port variable fun Jeffrey Denton (Jul 04)
- Re: multiple port variable fun Frank Knobbe (Jul 24)
- Re: multiple port variable fun Justin Heath (Jul 25)
- Re: multiple port variable fun Ryan Hudson (Jul 03)
- Message not available