[FC3] SNORT: writing rules

Hi,
I want to write SNORT rules.
I want to make an alert if the input traffic is different from the port "i" and the port "j" (for example port 80 and port 443). So I use these rules:

alert tcp any any -> 192.168.1.0/24 !80 (msg:"query different from port 80";)
alert tcp any any -> 192.168.1.0/24 !443 (msg:"query different from port 443";)

But if I receive a query to a port different from 80 and 443, this manner of writing rules will generate 2 alerts at the same time. Is there any manner to rewrite these rules in order to get just one rule and thus only one alert?

I know that the following manner is false, but it's just an example to explain what I want to get:

alert tcp any any -> 192.168.1.0/24 ![80 AND 443] (msg:"query different from port 80 and 443";)
Thanks.
(Linx)
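
Added example, not part of the original post: the single-rule form the question asks for, written with a negated port list. It assumes a Snort release that supports port lists and `portvar` in rule headers; the variable name and the sid values are constructed placeholders.

```snort
# Constructed example; ALLOWED_WEB_PORTS and the sid values are placeholders.
#
# Why the two single-port rules misbehave:
#   - a packet to port 22 matches both "!80" and "!443" (two alerts)
#   - a packet to port 443 still matches the "!80" rule
#   - a packet to port 80 still matches the "!443" rule
# so the pair also alerts on the traffic it was meant to ignore.

# Port list holding the two expected destination ports.
portvar ALLOWED_WEB_PORTS [80,443]

# One rule: fires once for any TCP destination port outside the list,
# and stays silent for ports 80 and 443.
alert tcp any any -> 192.168.1.0/24 !$ALLOWED_WEB_PORTS (msg:"query to port other than 80 or 443"; sid:1000001; rev:1;)

# Equivalent rule with the list written inline instead of a variable
# (use one form or the other, not both):
# alert tcp any any -> 192.168.1.0/24 ![80,443] (msg:"query to port other than 80 or 443"; sid:1000002; rev:1;)
```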

