[Snort-users] Any idea when multiple port support is coming?
russ.starr at ...11827...
Tue Dec 6 21:44:01 EST 2005
I would tell you, but Marty might not like that... :)
Actually, the same question got asked a few hours ago at our Kansas
City SUG meeting... It boils down to, it's being worked on. No
promises or deadlines. ;)
Then again, I'm not an authoritative source of info on that.
Thank you for coming out tonight for those who made it... It was a
good first meeting!
On 12/6/05, Jason Haar <Jason.Haar at ...294...> wrote:
> Hi there
> Says it all really. From an efficiency perspective, I really need to be
> able to define things like
> var HTTP_PORTS 80,3128,8080
> so that single rules can trigger on HTTP traffic that is both direct,
> and/or via a proxy. Currently this would involve converting something
> like the 1217 web-*.rules into over 3.5K...
> At the moment, I've had to turn tonnes of intranet rules from
> $HTTP_PORTS to "any" to effect the same change more efficiently - but
> now get whacked with tonnes of false positives on SMTP traffic (so now
> I've changed "any" to "!25" - but you get the drift)
> Any hint to when/if this feature will show up?
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
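The per-port duplication described in the quoted message, as an added example (not part of the original thread and not Snort's own tooling): a script that copies each active rule whose destination port is `$HTTP_PORTS` once per port and gives every copy its own sid. The function name, the sample rules and the sid base of 2000000 are assumptions made for illustration.

```python
import re

# Constructed sample rules (not taken from any shipped ruleset).
SAMPLE_RULES = '''\
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"EXAMPLE web probe"; flow:to_server,established; uricontent:"/example.cgi"; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"EXAMPLE disabled"; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"EXAMPLE smtp"; content:"example"; sid:1000003; rev:1;)
'''

# action proto src sport direction dst | dport | (options)
HEADER = re.compile(
    r'^(\w+\s+\w+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+)(\S+)(\s*\(.*\)\s*)$')
SID = re.compile(r'\bsid:\s*(\d+)\s*;')


def expand_rules(text, var, ports, sid_base):
    """Copy every active rule whose destination port is `var` once per port.

    Returns (lines, generated): the rewritten rule lines and the number of
    rules generated. sid_base is a hypothetical local sid range start.
    """
    out, next_sid = [], sid_base
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if line.lstrip().startswith('#') or not m or m.group(2) != var:
            out.append(line)  # comments, blanks and unrelated rules pass through
            continue
        head, _, body = m.groups()
        for port in ports:
            # A distinct sid per copy keeps the duplicates from colliding.
            new_body = SID.sub('sid:%d;' % next_sid, body, count=1)
            # Tag the message so an alert shows which port copy fired.
            new_body = new_body.replace('msg:"', 'msg:"[port %d] ' % port, 1)
            out.append('%s%d%s' % (head, port, new_body))
            next_sid += 1
    return out, next_sid - sid_base


if __name__ == '__main__':
    rules, generated = expand_rules(SAMPLE_RULES, '$HTTP_PORTS',
                                    [80, 3128, 8080], 2000000)
    print('\n'.join(rules))
    print('# generated %d single-port rules' % generated)
```
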