RE: Question about var SERVICE_PORTS

["Schmehl, Paul L" <pauls () utdallas edu>]

> -----Original Message-----
> From: Andreas Östling [mailto:andreaso () it su se] 
> Sent: Friday, January 09, 2004 4:36 PM
> To: Schmehl, Paul L
> Cc: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Question about var SERVICE_PORTS
>
> Implementing real port lists is not trivial because of how 
> the internal optimizing works, but you may want to have a 
> look at this thread for a workaround:
>
> http://marc.theaimsgroup.com/?l=snort-devel&m=107282430014686&w=2
> http://marc.theaimsgroup.com/?l=snort-devel&m=107341476419431&w=2
Seems like the var SOMEPORTS [80,443,8080], var HTTP_PORTS $SOMEPORTS would be the way to go.  Is there a drawback to 
that?  I understand how your patch works, but I'd prefer not to patch snort, because then I have remember to patch it 
again every time I upgrade.  I'm lazy and I've got way too many things to do already. :-)

And BTW, thank you for all your contributions to the community, not the least of which is oinkmaster.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 


-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users