Patch to use port lists in Snort rules
Posted by creining | Filed under Security
port-list-hack.diff is a patch to Snort that provides the ability to use port lists in rules, it does not work with negation.
alert tcp any [1024,2000] -> any [1,20,12345] (msg:"foo"; sid: 12345678;)
Comments are closed.