Snort mailing list archives
Enabling all ports on 'http_inspect_server'
From: Junaid Bohio via Snort-users <snort-users () lists snort org>
Date: Thu, 25 Oct 2018 10:27:26 -0400
Hi, I am wondering if Snort allows to enable all ports under 'http_inspect_server' server? In case of normal HTTP traffic, listing few standard ports is sufficient, but in case of malware traffic the remote control server can be listening on any port. If a non-standard port is not listed under that config then HTTP modifiers like 'http_uri', 'http_header', etc. don't work. I have done various tests and it doesn't seem to be accepting port range or all ports (most likely for performance reasons) but i just want to verify it here. Thank you!
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Enabling all ports on 'http_inspect_server' Junaid Bohio via Snort-users (Oct 25)
- Re: Enabling all ports on 'http_inspect_server' Carter Waxman (cwaxman) via Snort-users (Oct 25)
- Re: Enabling all ports on 'http_inspect_server' Junaid Bohio via Snort-users (Oct 25)
- Re: Enabling all ports on 'http_inspect_server' Carter Waxman (cwaxman) via Snort-users (Oct 25)