Snort mailing list archives
Re: Rule help
From: Jack Pepper <pepperjack () afferentsecurity com>
Date: Tue, 23 Dec 2008 14:39:38 -0600
Quoting "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>:
Is this in the docs anywhere? I've got the rule writing section in front of me and didn't see that in the protocol section. That would have been nice to know up front. :)
the "oddity" isn't that snort rule syntax ignores port numbers on IP. That's part of the IP protocol. the "oddity" IMO is that snort does not escalate a syntax error on IP protocol if the port is anthing other than "any". jp -- Framework? I don't need no stinking framework! ---------------------------------------------------------------- @fferent Security Labs: Isolate/Insulate/Innovate http://www.afferentsecurity.com ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Rule help Jefferson, Shawn (Dec 19)
- Re: Rule help Markus Lude (Dec 19)
- Re: Rule help Matt Olney (Dec 19)
- Re: Rule help Jefferson, Shawn (Dec 23)
- Re: Rule help Joel Esler (Dec 23)
- Re: Rule help Jack Pepper (Dec 23)
- Re: Rule help Jefferson, Shawn (Dec 23)
- Re: Rule help Jack Pepper (Dec 23)
- Re: Rule help Jefferson, Shawn (Dec 23)
- Re: Rule help Joel Esler (Dec 23)
- Re: Rule help Jefferson, Shawn (Dec 23)
- Re: Rule help Markus Lude (Dec 19)