Snort mailing list archives
Re: [Snort-sigs] Snort.conf updates have been posted
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 9 Oct 2012 15:58:12 -0400
No. However, these changes happen so infrequently that I make sure I post about them on the mailing lists and on the blog. I've got a couple more updates to do with regards to ports, and I'll try and get those knocked out soon. But NO Pulledpork does NOT presently alter your Snort.conf for you. If that's a feature request you'd like to make, please do so on the pulledpork website. In the future we anticipate updates like these to be unnecessary, but for the time being, they are needed. -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire On Oct 9, 2012, at 3:52 PM, AllowOverride <allowoverride () gmail com> wrote:
pulledpork, should take care of this correct? thanks for the heads up joel. On Tue, 2012-10-09 at 15:46 -0400, Joel Esler wrote:http://blog.snort.org/2012/10/sourcefire-vrt-certified-snort-rules_9.html The following changes were made to the snort.conf: portvar HTTP_PORTS [80,81,311,591,593,901,1220,1414,1741,1830,2301,2381,2809,3128,3702,4343,4848,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8090,8118,8123,8180,8181,8243,8280,8800,8888,8899,9000,9080,9090,9091,9443,9999,11371,55555] now reads: portvar HTTP_PORTS [80,81,311,591,593,901,1220,1414,1741,1830,2301,2381,2809,3128,3702,4343,4848,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8090,8118,8123,8180,8181,8243,8280,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,11371,55555] (Addition of 9060) The port was also added to stream5 and http_inspect's configuration lines. I have updated the example snort.conf's, they can be found here: http://www.snort.org/vrt/snort-conf-configurations/ Thanks!
------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort.conf updates have been posted Joel Esler (Oct 09)
- Re: [Snort-sigs] Snort.conf updates have been posted AllowOverride (Oct 09)
- Re: [Snort-sigs] Snort.conf updates have been posted Joel Esler (Oct 09)
- Re: [Snort-sigs] Snort.conf updates have been posted AllowOverride (Oct 09)
- Re: [Snort-sigs] Snort.conf updates have been posted Jefferson, Shawn (Oct 09)
- Re: [Snort-sigs] Snort.conf updates have been posted Joel Esler (Oct 09)
- Re: [Snort-sigs] Snort.conf updates have been posted Joel Esler (Oct 09)
- Re: [Snort-sigs] Snort.conf updates have been posted AllowOverride (Oct 09)
- Re: Snort.conf updates have been posted Amm Snort (Oct 09)
- Re: Snort.conf updates have been posted Joel Esler (Oct 10)
- Re: Snort.conf updates have been posted Matt Jonkman (Oct 10)
- Re: Snort.conf updates have been posted waldo kitty (Oct 10)
- Re: Snort.conf updates have been posted waldo kitty (Oct 10)