Snort mailing list archives
Hopefully someone else has a better grasp on HTTP/_Inspect
From: "Jason Kolberg" <jasonk () missoulafcu org>
Date: Fri, 30 Jan 2004 16:46:35 -0700 (MST)
I have read through (not thoroughly so I may have missed something) the README for inspect, but I haven't seen how to eliminate outbound traffic easilly. I hate to disable the inspection entirely - but so far all it has showed me is outbound packets which generally are binaries or encrypted. I saw where you can set up specific servers - would I have to set up my servers and make default settings ignored? If any of you can point me in the right direction - I'd be grateful. I was happy to get Snort up and running with Acid fairly easilly. Also - as far as maintaining rules... where is the best resource for finding rules to root out new vulnerabilities? Is that from updating snort as it get's updated or is there another place I should look. Is someone providing a subscription service? Thank you in advance. Keep up the good work and hopefully MyDoom and it's ilk aren't giving you fits. Jason Kolberg Information Technology Systems Administrator Missoula Federal Credit Union ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Hopefully someone else has a better grasp on HTTP/_Inspect Jason Kolberg (Jan 31)
- Re: Hopefully someone else has a better grasp on HTTP/_Inspect Erek Adams (Jan 31)