[Snort-users] Increase performance with filter or pass-rules
elof at ...6680...
Fri Nov 21 06:50:11 EST 2003
I have a sensor that monitors a network where there's lots of VPN traffic (ESP).
ESP is an encrypted protocol, so there's no point in Snort looking for
plaintext data within these packets.
Can Snort make a pass rule for the ESP protocol, or does it only support
ip, udp, tcp and icmp?
Is it a bad thing to use a BPF filter to exclude ESP?
Is it bad to filter out all tcp/22 and tcp/443 and other encrypted