[Snort-users] Hello Snort Team

Joel Esler (jesler) jesler at ...589...
Sun May 21 14:58:02 EDT 2017


Technically, http can be on any port. So, you can either use openappid to identify services instead of ports, or Snort3, which is service aware by default, but has no ruleset yet.  

We've added that many ports to HTTP_PORTS as we've seen exploit activity in the wild over those ports.  

--
Sent from my iPhone

> On May 21, 2017, at 14:55, J Doe <general at ...17107...> wrote:
> 
> 
>> On May 21, 2017, at 2:49 PM, Joel Esler (jesler) <jesler at ...589...> wrote:
>> 
>> Looks like the default snort.conf to me.  
>> 
> 
> Hi Joel,
> 
> Oh, my apologies.  I have been using Snort (earlier version), on a low traffic web server and while I explicitly set HTTP_PORTS to 80 and 443, I didn't recall that the default config has a more extensive port list.
> 
> Some of the port numbers listed don't seem to correspond to services that would speak HTTP/S, or am I incorrect in that assessment ?
> 
> Thanks,
> 
> - J




More information about the Snort-users mailing list