[Snort-users] HTTP over 443/TCP

Eoin Miller eoin.miller at ...14586...
Wed Nov 16 17:54:57 EST 2011


Looking into the Snort.conf setup for the http_inspect preprocessor, it
doesn't have 443 in it by default. Was just working on some signatures
for botnet stuff using cleartext HTTP on 443/tcp and I was wondering why
it wouldn't fire off when using http_inspect content modifiers.

Is there any specific reason for not including 443/tcp in the default
snort.conf http_inspect setup?

-- Eoin




More information about the Snort-users mailing list