[Snort-users] Taking out the traffic on ports 22 and 443 suggestive?
bmc at ...950...
Thu Apr 24 10:36:14 EDT 2003
On Thu, Apr 24, 2003 at 12:20:22PM -0400, Brian wrote:
> If you are really concerned, you can [ab]use httpflow to ignore
> sessions after a specific number of bytes. In the following example,
> snort will start ignoring packets in sessions after 1000 bytes on port
> 22 and 443.
> preprocessor httpflow: depth 1000 ports 22 443
Yeah, so that won't actually work. I thought httpflow was session
based. It's not. its per packet based.
Sorry about that.
More information about the Snort-users