[Snort-users] Question about preprocessor portscan and ignori ng ports
gbinder at ...462...
Thu Jan 18 13:03:42 EST 2001
Jean-Philippe Grenier on Thu, Jan 18, 2001 at 12:45:11PM -0500:
> I thought it would of act this way. Well I can probably apply a BPF
> and never send web and mail traffic to snort. This way I'm sure
> that it will never go to the plugin.
don't forget that you will miss anything malicious that goes to these
ports (like shellcode for example).
Gregor Binder <gregor.binder at ...462...> http://sysfive.com/~gbinder/
sysfive.com GmbH UNIX. Networking. Security. Applications.
PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55
More information about the Snort-users