[Snort-users] issue with 2.8.2
Jason.Haar at ...294...
Thu Jun 5 01:23:03 EDT 2008
Steven Sturges wrote:
> Hi Jason--
> Couldn't you just use a port list to eliminate the 'allowed'
> DNS queries and the pass rule? Performance would be much
> better this way.
Yes - I am aware of that, these rules were written a long time before
snort supported portvar.
However they should still work as is - and they're not. I'm hoping
someone figures out the bug (or fault on my part - I'm not proud ;-)
before I rewrite the rules. I'm sure that will fix it - but it will mean
I've just hidden a remaining problem...
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the Snort-users