[Snort-users] Taking out the traffic on ports 22 and 443 suggestive?

Edin Dizdarevic edin.dizdarevic at ...7509...
Wed Apr 23 07:29:00 EDT 2003

Hi everybody,

I was wondering if it would make sense to relief Snort by taking
out the ports 22 and 443 using the BPF filters. HTTP(S) packets are
usually quite big and looking inside of them is quite senseless for
obvious reasons. With SSH stream4 is additionally burdened since those
packets are usually quite small and are filling up it's memory waiting
to be reassembled. Senseless too, IMHO...

Of course scans won't be seen, but is that really important since
a simple connect scan will find those ports open?

Any comments on that?



Edin Dizdarevic

More information about the Snort-users mailing list