[Snort-users] HTTP over 443/TCP
jesler at ...1935...
Tue Nov 29 19:08:31 EST 2011
I got your other email as well, but I thought I'd answer you onlist.
We are currently evaluating what impact that would have. I'll let you know.
On Nov 16, 2011, at 5:54 PM, Eoin Miller wrote:
> Looking into the Snort.conf setup for the http_inspect preprocessor, it
> doesn't have 443 in it by default. Was just working on some signatures
> for botnet stuff using cleartext HTTP on 443/tcp and I was wondering why
> it wouldn't fire off when using http_inspect content modifiers.
> Is there any specific reason for not including 443/tcp in the default
> snort.conf http_inspect setup?
> -- Eoin
More information about the Snort-users