0

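I read somewhere that it isn't possible to specify multiple ports to exclude for shellcode. Is that right? If not, is the following correct?

List of ports you want to look for SHELLCODE on.

portvar SHELLCODE_PORTS ![21,25,80,143,587,8889]

I'm using Snort 2905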

4

2 Answers

0

Try it. If Snort doesn't like the syntax, it should throw back a fatal parsing error. I believe, though, that syntax is better implemented as:

portvar SHELLCODE_PORTS [21,25,80,143,587,8889]

I.e., without the negation, and then used in a rule thus:

alert tcp any any <> any !SHELLCODE_PORTS ( ... )

You could also do:

portvar SHELLCODE_PORTS [!21,!25,!80,!143,!587,!8889]

Which should be valid syntax. Haven't tested, though. YMMV.

Answered 2011-05-31T05:55:30.073
0

You want !$SHELLCODE_PORTS

You missed the dollar sign.

Answered 2014-11-28T00:43:12.380
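An added example, not part of either answer or of Snort itself: a small Python check that reads portvar definitions and rule headers and flags a port field that names a portvar without the leading `$`, the mistake the second answer points out. The function name `lint_port_refs`, the sample config and its sids are constructed for illustration, and the parser assumes one-line rule headers with no spaces inside address or port lists.

```python
import re

# Constructed sample: one portvar definition and two rule headers, the first
# of which references the variable without the leading '$'.
SAMPLE_CONF = """\
portvar SHELLCODE_PORTS [21,25,80,143,587,8889]
alert tcp any any <> any !SHELLCODE_PORTS (msg:"constructed A"; sid:1000001;)
alert tcp any any <> any !$SHELLCODE_PORTS (msg:"constructed B"; sid:1000002;)
"""

PORTVAR_RE = re.compile(r"^\s*portvar\s+(\w+)\s+\S+")
# action proto src_ip src_port direction dst_ip dst_port (options)
HEADER_RE = re.compile(
    r"^\s*(?:alert|log|pass|drop|reject|sdrop)\s+\S+\s+\S+\s+(\S+)"
    r"\s+(?:->|<>)\s+\S+\s+(\S+)\s*\("
)


def lint_port_refs(conf_text):
    """Return (line_no, port_field, problem) tuples for suspicious port fields.

    Only portvar lines that appear earlier in conf_text count as definitions;
    variables defined in other files are not known to this check.
    """
    defined, findings = set(), []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        definition = PORTVAR_RE.match(line)
        if definition:
            defined.add(definition.group(1))
            continue
        header = HEADER_RE.match(line)
        if not header:
            continue
        for field in header.groups():      # source port, destination port
            name = field.lstrip("!")       # negation does not change the lookup
            if name.startswith("$"):
                if name[1:] not in defined:
                    findings.append((line_no, field, "undefined portvar"))
            elif name in defined:
                findings.append((line_no, field, "portvar referenced without '$'"))
    return findings


if __name__ == "__main__":
    for finding in lint_port_refs(SAMPLE_CONF):
        print("line %d: %s: %s" % finding)
```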