[Snort-users] HTTP over 443/TCP

Joel Esler jesler at ...1935...
Tue Nov 29 19:08:31 EST 2011


Eoin,

I got your other email as well, but I thought I'd answer you onlist.

We are currently evaluating what impact that would have.  I'll let you know.

J

On Nov 16, 2011, at 5:54 PM, Eoin Miller wrote:

> Looking into the Snort.conf setup for the http_inspect preprocessor, it
> doesn't have 443 in it by default. Was just working on some signatures
> for botnet stuff using cleartext HTTP on 443/tcp and I was wondering why
> it wouldn't fire off when using http_inspect content modifiers.
> 
> Is there any specific reason for not including 443/tcp in the default
> snort.conf http_inspect setup?
> 
> -- Eoin





More information about the Snort-users mailing list