[Snort-users] Question about preprocessor portscan and ignori ng ports

Gregor Binder gbinder at ...462...
Thu Jan 18 13:03:42 EST 2001

Jean-Philippe Grenier on Thu, Jan 18, 2001 at 12:45:11PM -0500:


> I thought it would of act this way. Well I can probably apply a BPF
> and never send web and mail traffic to snort. This way I'm sure
> that it will never go to the plugin.

don't forget that you will miss anything malicious that goes to these
ports (like shellcode for example).


Gregor Binder  <gregor.binder at ...462...>  http://sysfive.com/~gbinder/
sysfive.com GmbH               UNIX. Networking. Security. Applications.
PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55

More information about the Snort-users mailing list