Snort mailing list archives

Re: [Snort-sigs] Snort.conf updates have been posted


From: Joel Esler <jesler () sourcefire com>
Date: Tue, 9 Oct 2012 15:58:12 -0400

No.  However, these changes happen so infrequently that I make sure I post about them on the mailing lists and on the 
blog.  I've got a couple more updates to do with regards to ports, and I'll try and get those knocked out soon.  But NO 
Pulledpork does NOT presently alter your Snort.conf for you.  If that's a feature request you'd like to make, please do 
so on the pulledpork website.  In the future we anticipate updates like these to be unnecessary, but for the time 
being, they are needed.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire




On Oct 9, 2012, at 3:52 PM, AllowOverride <allowoverride () gmail com> wrote:

pulledpork, should take care of this correct?

thanks for the heads up joel.

On Tue, 2012-10-09 at 15:46 -0400, Joel Esler wrote:

http://blog.snort.org/2012/10/sourcefire-vrt-certified-snort-rules_9.html


The following changes were made to the snort.conf:

portvar
HTTP_PORTS 
[80,81,311,591,593,901,1220,1414,1741,1830,2301,2381,2809,3128,3702,4343,4848,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8090,8118,8123,8180,8181,8243,8280,8800,8888,8899,9000,9080,9090,9091,9443,9999,11371,55555]
 

now reads:

portvar
HTTP_PORTS 
[80,81,311,591,593,901,1220,1414,1741,1830,2301,2381,2809,3128,3702,4343,4848,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8090,8118,8123,8180,8181,8243,8280,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,11371,55555]
 

(Addition of 9060)

The port was also added to stream5 and http_inspect's configuration
lines.

I have updated the example snort.conf's, they can be found here: 
http://www.snort.org/vrt/snort-conf-configurations/


Thanks!


------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread: