88
Chapter 3 Working with Snort Rules
Table 3 1 Well Known Port Numbers (continued)
Port Number
Description
110
POP3, used for e mail clients like Microsoft Outlook
161
SNMP
162
SNMP traps
443
HTTPS or Secure HTTP
514
Syslog
3306
MySQL
You can also look into /etc/services file on the UNIX platform to see more
port numbers. Refer to RFC 1700 for a detailed list at http://www.rfc editor.org/rfc/
rfc1700.txt. The Internet Corporation for Assigned Names and Numbers (ICANN) now
keeps track of all port numbers and names. You can find more information at http://
www.icann.org.
3.5.5
Direction
The direction field determines the source and destination addresses and port num
bers in a rule. The following rules apply to the direction field:
A > symbol shows that address and port numbers on the left hand side of the
direction field are the source of the packet while the address and port number
on the right hand side of the field are the destination.
A < symbol in the direction field shows that the packet is traveling from the
address and port number on the right hand side of the symbol to the address and
port number on the left hand side.
A <> symbol shows that the rule will be applied to packets traveling on either
direction. This symbol is useful when you want to monitor data packets for
both client and server. For example, using this symbol, you can monitor all
traffic coming from and going to a POP or Telnet server.
3.6 Rule Options
Rule options follow the rule header and are enclosed inside a pair of parentheses. There
may be one option or many and the options are separated with a semicolon. If you use
multiple options, these options form a logical AND. The action in the rule header is
invoked only when all criteria in the options are true. You have already used options like
msg and ttl in previous rule examples. All options are defined by keywords. Some rule
options also contain arguments. In general, an option may have two parts: a keyword
footer
Our partners:
PHP: Hypertext Preprocessor Cheap Web Hosting
JSP Web Hosting
Ontario Web Hosting
Jsp Web Hosting
Cheapest Web Hosting
Java Hosting
Cheapest Hosting
Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved