Snort mailing list archives

Previous By Date Next
Previous By Thread Next

multiple HTTP_PORTS

From: "Chris Connelly" <dev_zer0 () hotmail com>
Date: Thu, 20 Jun 2002 14:22:05 -0400
I'm using Snort 1.8.6 with the newest signatures.
I noticed that in a recent signature release, the $HTTP_PORTS variable was added in all the web-* signatures, and my environment has HTTP servers on ports 80, 8080, 1080, 81, and 8081 (changing that is NOT an option). It seems that I cannot provide a list of ports (e.g. [80,81,88,8080,8081]) and a range for 80:8081 draws WAY too many false positives (IMAP, high ports, etc). What would be the best thing to do in this situation? Create Multiple copies of all the web-* rulefiles and edit each one and have to maintain changes across versions? Or is there some mechanism that provides for a list of ports a signature will look on? 

Help would be very much appreciated.

devzero

_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com 



-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: