|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Alberto Gonzalez (ag-snort_at_cerebro.violating.us)
Date: Fri Oct 25 2002 - 01:33:50 CDT
and IRC ports (for most servers I've seen) 6667 not 6008
Lefevre, Steven wrote:
>I have this rule in my local rule file:
>
>alert tcp $EXTERNAL_NET any -> $HOME_NET 6008:6009 (msg:"IRC Activity")
>
>(It's to detect IRC traffic ;)
>
>Why does snort always choke on it? I've looked it over 100 times and it
>seems to follow the syntax.
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by: Influence the future
>of Java(TM) technology. Join the Java Community
>Process(SM) (JCP(SM)) program now.
>http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en
>_______________________________________________
>Snort-users mailing list
>Snort-users
lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
-- The secret to success is to start from scratch and keep on scratching.------------------------------------------------------- This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en _______________________________________________ Snort-users mailing list Snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]