Snort mailing list archives

Re: Snort rule firing on another port


From: Joel Esler <jesler () sourcefire com>
Date: Thu, 13 Dec 2012 13:41:39 -0500

Are you using adaptive profiling or host individual specifications?
--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Dec 13, 2012, at 1:27 PM, Anthony Rees <arees734 () gmail com> wrote:

Hi,

VRT have a rule 1:16606, it should fire on port 443 but it's firing on 3801. There is one content match in the packet, but shouldn't it ignore the rule if the header does not meet the criteria?

All aspects of the rule look good, just wondering why it doesn't ignore the packets as the rule header doesn't match.

Thanks

Sent from my iPhone

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
