Snort mailing list archives
HTTP over 443/TCP
From: Eoin Miller <eoin.miller () trojanedbinaries com>
Date: Wed, 16 Nov 2011 22:54:57 +0000
Looking into the Snort.conf setup for the http_inspect preprocessor, it doesn't have 443 in it by default. Was just working on some signatures for botnet stuff using cleartext HTTP on 443/tcp and I was wondering why it wouldn't fire off when using http_inspect content modifiers. Is there any specific reason for not including 443/tcp in the default snort.conf http_inspect setup? -- Eoin ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- HTTP over 443/TCP Eoin Miller (Nov 16)
- Re: HTTP over 443/TCP Joel Esler (Nov 29)