[Snort-users] var HTTP_PORTS and new rules
m9520 at ...10442...
Tue Nov 18 06:13:10 EST 2003
I have installed snort on RH 9 and it's up and running just fine.
I have two basic questions.
1. I got a lot of FP on 8080, and I can't figure it out how to fix it.
We have internal webservers that run on port 80, and mainly all other
traffic goes through a proxy on port 8080. You can't set [80,8080]
like you do for networks, just a range like 80:8080.
2. How often should I download new rules? Because I edit in the rules
to get rid of a lot of FP, but maybe there is a better way to do that.
Is there a possibillity to have the exclusions in a separate file?
eny at ...10442...
More information about the Snort-users