Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Snort-sigs] Snort.conf updates have been posted

From: AllowOverride <allowoverride () gmail com>
Date: Tue, 09 Oct 2012 13:09:36 -0700
thanks joel. appreciated.

On Tue, 2012-10-09 at 15:58 -0400, Joel Esler wrote:

No.  However, these changes happen so infrequently that I make sure I
post about them on the mailing lists and on the blog.  I've got a
couple more updates to do with regards to ports, and I'll try and get
those knocked out soon.  But NO Pulledpork does NOT presently alter
your Snort.conf for you.  If that's a feature request you'd like to
make, please do so on the pulledpork website.  In the future we
anticipate updates like these to be unnecessary, but for the time
being, they are needed.


--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire







On Oct 9, 2012, at 3:52 PM, AllowOverride <allowoverride () gmail com>
wrote:


pulledpork, should take care of this correct?

thanks for the heads up joel.

On Tue, 2012-10-09 at 15:46 -0400, Joel Esler wrote:


http://blog.snort.org/2012/10/sourcefire-vrt-certified-snort-rules_9.html


The following changes were made to the snort.conf:

portvar
HTTP_PORTS
[80,81,311,591,593,901,1220,1414,1741,1830,2301,2381,2809,3128,3702,4343,4848,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8090,8118,8123,8180,8181,8243,8280,8800,8888,8899,9000,9080,9090,9091,9443,9999,11371,55555]
 

now reads:

portvar
HTTP_PORTS
[80,81,311,591,593,901,1220,1414,1741,1830,2301,2381,2809,3128,3702,4343,4848,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8090,8118,8123,8180,8181,8243,8280,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,11371,55555]
 

(Addition of 9060)

The port was also added to stream5 and http_inspect's
configuration
lines.

I have updated the example snort.conf's, they can be found here: 
http://www.snort.org/vrt/snort-conf-configurations/


Thanks!





------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: