Snort mailing list archives
Re: shellcode error
From: "Hugo Ferr" <snortgrp () hotmail com>
Date: Fri, 31 May 2002 10:41:29 -0400
Just out of curiosity - why !80? I was getting quite a lot of false positives for shellcode on port 80; is the number of false positives the reason for !80?

----- Original Message -----
From: "Erek Adams" <erek () theadamsfamily net>
To: "Hugo Ferr" <snortgrp () hotmail com>
Cc: "Got Snort?" <snort-users () lists sourceforge net>
Sent: Friday, May 31, 2002 12:02 AM
Subject: Re: [Snort-users] shellcode error

On Thu, 30 May 2002, Hugo Ferr wrote:

> I would like to have some understanding regarding the following:
> 1. Why should I define ports for shellcode rules?

Think in terms of maintenance and coding. If you can parse a variable, and you have it in 500 places, you change one place and all 500 change. If you need to change one rule, it's "easier" to work with the exceptions than with the "rule". The old 'hit the larger target' idea...

> 2. What is the exact syntax? (var $SHELLCODE_PORTS)

[root@foofus]/local/build/snort#grep SHELLCODE snort.conf
# Ports you want to look for SHELLCODE on. (By default, not port 80)
var SHELLCODE_PORTS !80

> P.S. I'm a big fan of snort, but I really feel like documentation should be improved. (Or is it a topic for mail list dedicated for rants :-) ?)

As for improvements, we're all ears. I'd suggest another thread on this and have you explain what you mean a bit more.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
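An added illustration, not part of the thread and not Snort's own code: this Python example models how one `var SHELLCODE_PORTS` definition feeds every rule that references it, and which destination ports those rules then inspect. The `var` line is the one quoted above; the two rule headers are simplified, constructed stand-ins, the function names are hypothetical, and the port grammar is assumed to be `any`, a single port, `lo:hi` ranges, and `!` negation.

```python
import re

# Constructed sample: the var line is quoted from the thread; the two rule
# headers are simplified, hypothetical stand-ins for shellcode rules.
SAMPLE_CONF = """\
# Ports you want to look for SHELLCODE on. (By default, not port 80)
var SHELLCODE_PORTS !80
alert ip $EXTERNAL_NET any -> $HOME_NET $SHELLCODE_PORTS (msg:"example rule A";)
alert ip $EXTERNAL_NET any -> $HOME_NET $SHELLCODE_PORTS (msg:"example rule B";)
"""

def parse_conf(text, overrides=None):
    """Return (variables, rules) with every defined $NAME expanded in the rules."""
    variables, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("var "):
            _, name, value = line.split(None, 2)
            variables[name] = value
        else:
            rules.append(line)
    variables.update(overrides or {})  # one change here reaches every rule
    def expand(rule):
        # Undefined variables (e.g. $HOME_NET in this sample) are left as-is.
        return re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), rule)
    return variables, [expand(r) for r in rules]

def dst_port_spec(rule):
    """The destination port is the last header field before the option block."""
    return rule.split("(", 1)[0].split()[-1]

def port_matches(spec, port):
    """Evaluate a port spec: any, N, lo:hi, :hi, lo:, optionally negated with '!'."""
    if spec.startswith("!"):
        return not port_matches(spec[1:], port)
    if spec == "any":
        return True
    if ":" in spec:
        lo, hi = spec.split(":", 1)
        return int(lo or 0) <= port <= int(hi or 65535)
    return int(spec) == port

def inspected(text, port, overrides=None):
    """List the expanded rules that would look at traffic to this destination port."""
    _, rules = parse_conf(text, overrides)
    return [r for r in rules if port_matches(dst_port_spec(r), port)]
```

With the default `!80`, `inspected(SAMPLE_CONF, 80)` is empty: the false positives on web traffic go away, and so does shellcode inspection of anything sent to port 80.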
Current thread:
- shellcode error Hugo Ferr (May 30)
- RE: shellcode error bthaler (May 30)
- Re: shellcode error Hugo Ferr (May 30)
- Re: shellcode error Erek Adams (May 30)
- Re: shellcode error Hugo Ferr (May 31)
- Re: shellcode error Erek Adams (May 31)
- Re: shellcode error Hugo Ferr (May 31)
- Re: shellcode error Hugo Ferr (May 30)
- RE: shellcode error bthaler (May 30)
- Re: shellcode error john (May 31)
- Re: shellcode error Erek Adams (May 31)
- Re: shellcode error Matt Kettler (May 31)