Snort mailing list archives
Re: snort configuration
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 2 Sep 2013 09:06:52 -0400
On Sep 2, 2013, at 8:53 AM, rem239 () gmx de wrote:
I want to have a small snort installation where snort listens only on the src ports 22, 80 and ignores all other traffic. What is the best way for such a configuration? Using ignore_ports in snort connfig or a BPF? Is there a example config for such a case?
BPF would probably be the way to go here. -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire
------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- snort configuration rem239 (Sep 02)
- Re: snort configuration Joel Esler (Sep 02)
- <Possible follow-ups>
- Re: snort configuration mitesh.jadia (Sep 02)
- Re: snort configuration rem239 (Sep 03)
- Re: snort configuration Russ Combs (Sep 09)
- Re: snort configuration rem239 (Sep 03)