Snort mailing list archives

Re: [Snort-sigs] Snort.conf updates have been posted

From: AllowOverride <allowoverride () gmail com>
Date: Tue, 09 Oct 2012 12:52:48 -0700

pulledpork, should take care of this correct?

thanks for the heads up joel.

On Tue, 2012-10-09 at 15:46 -0400, Joel Esler wrote:


http://blog.snort.org/2012/10/sourcefire-vrt-certified-snort-rules_9.html


The following changes were made to the snort.conf:

portvar
HTTP_PORTS 
[80,81,311,591,593,901,1220,1414,1741,1830,2301,2381,2809,3128,3702,4343,4848,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8090,8118,8123,8180,8181,8243,8280,8800,8888,8899,9000,9080,9090,9091,9443,9999,11371,55555]
 

now reads:

portvar
HTTP_PORTS 
[80,81,311,591,593,901,1220,1414,1741,1830,2301,2381,2809,3128,3702,4343,4848,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8090,8118,8123,8180,8181,8243,8280,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,11371,55555]
 

(Addition of 9060)

The port was also added to stream5 and http_inspect's configuration
lines.

I have updated the example snort.conf's, they can be found here: 
http://www.snort.org/vrt/snort-conf-configurations/


Thanks!


--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net 
https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for 
the latest news about Snort!



------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort.conf updates have been posted Joel Esler (Oct 09)
- Re: [Snort-sigs] Snort.conf updates have been posted AllowOverride (Oct 09)
  - Re: [Snort-sigs] Snort.conf updates have been posted Joel Esler (Oct 09)
    - Re: [Snort-sigs] Snort.conf updates have been posted AllowOverride (Oct 09)
    - Re: [Snort-sigs] Snort.conf updates have been posted Jefferson, Shawn (Oct 09)
    - Re: [Snort-sigs] Snort.conf updates have been posted Joel Esler (Oct 09)
- Re: Snort.conf updates have been posted Amm Snort (Oct 09)
  - Re: Snort.conf updates have been posted Joel Esler (Oct 10)
  - Re: Snort.conf updates have been posted Matt Jonkman (Oct 10)
- Re: Snort.conf updates have been posted waldo kitty (Oct 10)
- Re: Snort.conf updates have been posted waldo kitty (Oct 10)