[Snort-sigs] [Emerging-Sigs] TCP/UDP "trivial" ports?

Joel Esler jesler at ...435...
Tue Apr 23 16:07:33 EDT 2013


On Apr 23, 2013, at 3:56 PM, "Castle, Shane" <scastle at ...3555...> wrote:

> Maybe this should be left to classic firewall rules rather than IDS? But it'd be nice to have defense in depth.

This is what I'm thinking.  But we have a feature we're looking at that may solve this in Snort.  Don't want to commit to it yet as bad things happen when I say "new feature may be coming" and then I get in trouble when the release slips.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20130423/aeadbf1a/attachment.html>


More information about the Snort-sigs mailing list