Snort mailing list archives

Re: Error in snort.conf for snort 2.9.2.2?

From: Matt Watchinski <mwatchinski () sourcefire com>
Date: Wed, 27 Jun 2012 11:31:01 -0400

While the tds port is bound to 1521, content connections are given a
dynamic port after connect, which can be anything above 1024:

Cheers,
-matt

On Tue, Jun 26, 2012 at 5:11 PM, Paul Schmehl <pauls () utdallas edu> wrote:

I just upgraded one of our sensors to 2.9.2.2.  I was reviewing the
snort.conf file to see what changes might need to be made in our conf file.
I noticed that the portvar ORACLE_PORTS had been changed from 1521 to 1024.
Is this an oversight?  Or does Sourcefire know something I don't know.
AFAIK the Oracle default port has not changed and is still 1521.

--
Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/infosecurity/



------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!




-- 
Matthew Watchinski
V.P. Vulnerability Research (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-blog.snort.org && http://www.snort.org/vrt/

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Error in snort.conf for snort 2.9.2.2? Paul Schmehl (Jun 27)
- Re: Error in snort.conf for snort 2.9.2.2? Matt Watchinski (Jun 27)