Re: [Snort-users] multiple port variable fun

07-03-2007
Ryan Hudson

Do you mean put that in snort.conf? Because when I tried that it just
thought you were reading the same rules files multiple times and failed as
the same pid's were being used multiple times. And the http_ports variable
was overwritten 3 times.

-----Original Message-----
From: Leon Ward [mailto:seclists@rm-rf.co.uk]
Sent: Wednesday, 4 July 2007 3:27 AM
To: ryan@mydingo.net.au
Subject: Re: [Snort-users] multiple port variable fun

Hi

var HTTP_PORTS 80
include http.rules
var HTTP_PORTS 8082
include http.rules
var HTTP_PORTS 3001
include http.rules

On 3 Jul 2007, at 05:57, ryan@mydingo.net.au wrote:

> Hey all,
>
> My network has http traffic on multiple ports, what is the best way to
> set up a http_port variable so all relevant rules alert on multiple
> ports. I need to set up the equivalent of:
>
> var http_ports 80,8082,3001
>
> I know snort does not allow a comma separated value for ports, just
> wondering if there is a way to have a port variable that is not a
> range etc.
>
> Cheers
> Ryan
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.p...st=snort-users
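
One way to make the repeated-include approach from the thread load cleanly, as an added example that is not part of the original messages: a Python script that writes one copy of each $HTTP_PORTS rule per port and gives every copy its own sid. The sample rules, the expand_rules helper and the sid stride are assumptions made for illustration.

```python
import re

PORT_VAR = "$HTTP_PORTS"                      # variable name from the thread
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample rules, not taken from any real ruleset.
SAMPLE_RULES = """\
# constructed sample
alert tcp any any -> any $HTTP_PORTS (msg:"sample admin probe"; content:"/admin"; sid:2000001; rev:1;)
alert tcp any any -> any 21 (msg:"sample ftp login"; content:"USER"; sid:2000002; rev:1;)
"""

def expand_rules(rules_text, ports, sid_stride=1_000_000):
    """Emit one copy of every $HTTP_PORTS rule per port, each with its own sid.

    Copy number i gets sid + i * sid_stride. The stride is an assumption:
    choose one that keeps the shifted sids clear of every other rule you load.
    Lines that do not reference the variable are emitted once, unchanged.
    """
    out, seen = [], set()

    def emit(rule):
        match = SID_RE.search(rule)
        if match:
            sid = int(match.group(1))
            if sid in seen:
                raise ValueError(f"sid {sid} would be defined twice")
            seen.add(sid)
        out.append(rule)

    for line in rules_text.splitlines():
        body = line.strip()
        if not body or body.startswith("#"):
            out.append(line)                   # blank lines and comments
        elif PORT_VAR not in line:
            emit(line)                         # rule not tied to the variable
        else:
            for i, port in enumerate(ports):
                if not 0 < int(port) < 65536:
                    raise ValueError(f"invalid port {port}")
                shifted = SID_RE.sub(
                    lambda m: f"sid:{int(m.group(1)) + i * sid_stride};", line)
                emit(shifted.replace(PORT_VAR, str(port)))
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(expand_rules(SAMPLE_RULES, [80, 8082, 3001]), end="")
```

The generated file is included once from snort.conf in place of the three repeated includes; the ValueError guards against a shifted sid landing on one that already exists.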



