Snort mailing list archives

Hopefully someone else has a better grasp on HTTP/_Inspect


From: "Jason Kolberg" <jasonk () missoulafcu org>
Date: Fri, 30 Jan 2004 16:46:35 -0700 (MST)

I have read through (not thoroughly so I may have missed something) the
README for inspect, but I haven't seen how to eliminate outbound traffic
easily.  I hate to disable the inspection entirely - but so far all it
has shown me is outbound packets which generally are binaries or
encrypted.  I saw where you can set up specific servers - would I have to
set up my servers and make default settings ignored?

If any of you can point me in the right direction - I'd be grateful.  I
was happy to get Snort up and running with Acid fairly easily.

Also - as far as maintaining rules...  where is the best resource for
finding rules to root out new vulnerabilities?  Is that from updating
snort as it gets updated or is there another place I should look?  Is
someone providing a subscription service?

Thank you in advance.  Keep up the good work and hopefully MyDoom and its
ilk aren't giving you fits.

Jason Kolberg
Information Technology Systems Administrator
Missoula Federal Credit Union

