[Snort-users] Snort rules over-use "any"?
ryan at ...35...
Thu Sep 7 03:10:25 EDT 2000
On Wed, 6 Sep 2000, Max Vision wrote:
> On Thu, 7 Sep 2000, Jason Haar wrote:
> > In the visions.rule file there is very little use of "1024:" for things that
> > are really almost always going to be >1024.
> Like I always say, suggestions are *very* welcome :) I agree with your
> point, however, I don't know for a fact that this traffic will always come
> in with unpriveledged source ports. All of the trojan rules that don't
This discussion started with some AOL-thing false positve right? I've
seen AIM try to use port 53 when it couldn't get out otherwise.
More information about the Snort-users