Forum Discussion
hooleylist
Sep 28, 2009 Cirrostratus
Hi Josh,
My original post should have used TCP::local_port to check the destination port on the client's packet--not the source port. I think this should do what you're looking for:
when CLIENT_ACCEPTED {
    # Check if requested port is outside 1000 - 2000 (and not one of the other allowed ports)
    if { not (([TCP::local_port] > 1000 and [TCP::local_port] < 2000) or [TCP::local_port] == 3389 or [TCP::local_port] == 1500 or [TCP::local_port] == 161) } {
        # Drop request
        drop
    }
}
Aaron