Snort mailing list archives
Re: Hopefully someone else has a better grasp on HTTP/_Inspect
From: Erek Adams <erek () snort org>
Date: Sat, 31 Jan 2004 22:41:06 -0500 (EST)
On Fri, 30 Jan 2004, Jason Kolberg wrote:
> I have read through (not thoroughly so I may have missed something) the README for inspect, but I haven't seen how to eliminate outbound traffic easily. I hate to disable the inspection entirely - but so far all it has shown me is outbound packets which generally are binaries or encrypted. I saw where you can set up specific servers - would I have to set up my servers and make default settings ignored?
You could use BPF filters.

    snort <options> "not src <internal_net>"
> If any of you can point me in the right direction - I'd be grateful. I was happy to get Snort up and running with Acid fairly easily. Also - as far as maintaining rules... where is the best resource for finding rules to root out new vulnerabilities? Is that from updating snort as it gets updated or is there another place I should look? Is someone providing a subscription service?
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Cheers!

-----
Erek Adams

   "It looks just like a Telefunken U-47. You'll love it..."
     -- Frank Zappa