[Snort-users] anomalous http server

cc cc at ...9707...
Tue Feb 17 20:15:00 EST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi

Pardon my ignorance, but can someone please explain to me this
particular signature?   My understanding of it is that it detects
any HTTP traffic on non HTTP ports(by which I'm assuming 80 and
the HTTPS port).  But since the client's port is never 80, then
it basically tags all information that's being sent from the
client and sent from the http server(port 80) to the client's
browser(port != 80).

Any clarifications appreciated



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAMuT8W/g4AbYsjJoRAnkUAJ9i9Yo7s8o388Pxm+t4ETcB3nCakgCeIrFS
ngOlYL8OVpyrPEgS/xz37MY=
=Hd3P
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list