Snort mailing list archives

Feasibility of one off rule


From: "Lay, James" <james.lay () wincofoods com>
Date: Mon, 13 Jun 2011 10:25:45 -0600

Hey all!

Looking through logs today....have come across:

http://web1.51.la:82/go.asp

Which according to malwaredomains.com is no good.  I was wondering if it
was feasible or a good idea to even create a rule that would fire on one
or two offs from the standard port?  I do see that msn.com uses port 81
for an item:

http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1

These are all blocked anyway, but eh...was curious if this could be a
worthwhile idea.  Thanks.

James
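
Added example, not part of the original post and not Snort rule syntax: a log-triage sketch of the idea in the question, flagging URLs whose explicit port is one or two away from a standard web port while keeping known exceptions such as the msn.com port 81 case visible but separate. The standard-port set, the allowlist and all sample URLs other than the two quoted in the post are assumptions made for illustration.

```python
from urllib.parse import urlsplit

STANDARD_PORTS = (80, 443)   # assumption: ports treated as "standard" web ports
MAX_OFFSET = 2               # "one or two offs" from a standard port
ALLOWLIST = ("msn.com",)     # assumption: domains accepted on odd ports

# The first two URLs are quoted in the post; the rest are constructed samples.
SAMPLE_URLS = [
    "http://web1.51.la:82/go.asp",
    "http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1",
    "http://www.example.com/index.html",
    "https://example.org:8443/login",
    "http://example.net:79/status",
]

def nearest_standard(port):
    """Return the standard port that `port` is 1..MAX_OFFSET away from, else None."""
    for std in STANDARD_PORTS:
        if 0 < abs(port - std) <= MAX_OFFSET:
            return std
    return None

def is_allowlisted(host):
    """Match the domain itself or any subdomain, never a bare substring."""
    return any(host == d or host.endswith("." + d) for d in ALLOWLIST)

def triage(urls):
    """Return (host, port, standard_port, verdict) for each near-standard-port URL."""
    findings = []
    for url in urls:
        parts = urlsplit(url)
        try:
            port = parts.port            # raises ValueError on a malformed port
        except ValueError:
            continue
        host = (parts.hostname or "").lower()
        if port is None or not host:
            continue                     # no explicit port: scheme default applies
        std = nearest_standard(port)
        if std is not None:
            verdict = "allowlisted" if is_allowlisted(host) else "review"
            findings.append((host, port, std, verdict))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_URLS):
        print(*finding)
```

Run against proxy or HTTP logs, the "allowlisted" rows show how much legitimate traffic a port-offset rule would hit before it is written as a signature.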
