Snort mailing list archives
Re: Hello Snort Team
From: J Doe <general () nativemethods com>
Date: Sun, 21 May 2017 15:10:14 -0400
On May 21, 2017, at 2:58 PM, Joel Esler (jesler) <jesler () cisco com> wrote:

> Technically, http can be on any port. So, you can either use openappid to identify services instead of ports, or Snort3, which is service aware by default, but has no ruleset yet. We've added that many ports to HTTP_PORTS as we've seen exploit activity in the wild over those ports.
Hi,

Good point - I hadn't considered HTTP/S traffic from exploits. I will definitely be looking into Open AppID - I skipped that portion of the manual (which I will rectify a second time around!). I will use that for my 2.9.9.x install of Snort.

I'd really like to move to Snort 3 for the support of Lua rules (I am currently using Lua with the ModSec WAF and I love it), and for the refactored code in C++ (C++ is one of the languages I am familiar with). I've been following its progress - currently at alpha 4, a recent push to patch some security vulnerabilities detected and the Talos blog that says a beta is scheduled around summer.

I was wondering - would it be stable enough to run on my low volume web host? It is not a mission critical server and I'd like to work with Snort 3 as the code base develops.

Thanks,

- J
Current thread:
- Hello Snort Team Paul Trimby (May 21)
- Re: Hello Snort Team rmkml (May 21)
- Re: Hello Snort Team wkitty42 (May 21)
- Re: Hello Snort Team J Doe (May 21)
- Re: Hello Snort Team Joel Esler (jesler) (May 21)
- Re: Hello Snort Team J Doe (May 21)
- Re: Hello Snort Team Joel Esler (jesler) (May 21)
- Re: Hello Snort Team J Doe (May 21)
- Re: Hello Snort Team Joel Esler (jesler) (May 21)
- Re: Hello Snort Team Russ (May 21)
- Re: Hello Snort Team J Doe (May 21)
- Re: Hello Snort Team J Doe (May 21)