[Snort-users] Any idea when multiple port support is coming?

Russ Starr russ.starr at ...11827...
Tue Dec 6 21:44:01 EST 2005


I would tell you, but Marty might not like that... :)

Actually, the same question got asked a few hours ago at our Kansas
City SUG meeting...  It boils down to, it's being worked on.  No
promises or deadlines. ;)

Then again, I'm not an authoritative source of info on that.

Thank you for coming out tonight for those who made it... It was a
good first meeting!

-Russ


On 12/6/05, Jason Haar <Jason.Haar at ...294...> wrote:
> Hi there
>
> Says it all really. From an efficiency perspective, I really need to be
> able to define things like
>
> var HTTP_PORTS 80,3128,8080
>
> so that single rules can trigger on HTTP traffic that is both direct,
> and/or via a proxy. Currently this would involve converting something
> like the 1217 web-*.rules into over 3.5K...
>
> At the moment, I've had to turn tonnes of intranet rules from
> $HTTP_PORTS to "any" to effect the same change more efficiently - but
> now get whacked with tonnes of false positives on SMTP traffic (so now
> I've changed "any" to "!25" - but you get the drift)
>
> Any hint to when/if this feature will show up?
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list