Re: [Snort-users] Network Variables

From: James Lay (jlayslave-tothe-box.net)
Date: Thu May 02 2013 - 12:35:34 CDT


Parentheses will help:

"not (net 10.10.0.0/24 && dst host 10.75.45.1 && dst port 80) or (not
net 10.30.0.0/24 && dst host 10.75.45.1 && dst port 80)"

James

On 2013-05-02 11:23, Seth Dunn wrote:
> So now my question comes, since you were wondering about the rule I was
> using.
> This is my rule:
> not net 10.10.0.0/24 and dst host 10.75.45.1 && dst port 80 or not net 10.30.0.0/24 and dst host 10.75.45.1 && dst port 80
>
> By my understanding, and my desire to see happen is this.
> Traffic from the network 10.10.0.0/24 going to http at 10.75.45.1 should
> be ignored.
> Also, traffic from the network 10.30.0.0/24 going to http at 10.75.45.1
> should be ignored.
> All other traffic is still monitored.
>
> Is this correct, based on the rule above, or should it be worded another
> way?
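
Added example, not part of either poster's message: a small Python evaluator for the subset of pcap-filter syntax used in this thread, run over constructed packets to compare each expression with the stated intent. It relies on the pcap-filter rules that `not` binds tightest while `and`/`or` share one precedence level and associate left to right; `GROUPED` is an assumed regrouping, and the packet values are made up for illustration.

```python
import ipaddress

# Constructed packets; WANT is the intent stated in the thread
# (True = Snort inspects the packet, False = the filter drops it).
PACKETS = [
    {"src": "10.10.0.5", "dst": "10.75.45.1", "dport": 80},
    {"src": "10.30.0.5", "dst": "10.75.45.1", "dport": 80},
    {"src": "192.168.1.9", "dst": "10.75.45.1", "dport": 80},
    {"src": "10.10.0.5", "dst": "10.75.45.1", "dport": 22},
    {"src": "192.168.1.9", "dst": "172.16.0.9", "dport": 443},
]
WANT = [False, False, True, True, True]

def matches(expr, pkt):
    """Evaluate a small subset of pcap-filter syntax against one packet."""
    toks = expr.replace("(", " ( ").replace(")", " ) ").split()[::-1]
    take = toks.pop                       # list is reversed, so pop() = next token
    def peek():
        return toks[-1] if toks else None
    def term():
        tok = take()
        if tok == "not":                  # negation has highest precedence
            return not term()
        if tok == "(":
            val = chain()
            take()                        # closing ")"
            return val
        if tok == "net":                  # no direction: source OR destination
            net = ipaddress.ip_network(take())
            return any(ipaddress.ip_address(pkt[k]) in net for k in ("src", "dst"))
        if tok == "dst":
            kind, value = take(), take()
            return str(pkt[{"host": "dst", "port": "dport"}[kind]]) == value
        raise ValueError(f"unsupported primitive near {tok!r}")
    def chain():
        val = term()
        while peek() in ("and", "&&", "or", "||"):  # equal precedence, left to right
            op, rhs = take(), term()
            val = (val and rhs) if op in ("and", "&&") else (val or rhs)
        return val
    return chain()

def verdicts(expr):
    return [matches(expr, p) for p in PACKETS]

H = "dst host 10.75.45.1 && dst port 80"
ORIGINAL = f"not net 10.10.0.0/24 and {H} or not net 10.30.0.0/24 and {H}"
PARENS = f"not (net 10.10.0.0/24 && {H}) or (not net 10.30.0.0/24 && {H})"
GROUPED = f"not ((net 10.10.0.0/24 or net 10.30.0.0/24) and {H})"  # assumed regrouping
for e in (ORIGINAL, PARENS, GROUPED): print(verdicts(e) == WANT, e)
```

On these packets only `GROUPED` reproduces `WANT`; the same truth-table check can be run on any candidate filter before it is handed to Snort.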
