Snort mailing list archives
Do you have port 443 in $HTTP_PORTS and http_inspect_server?
From: L0rd Ch0de1m0rt <l0rdch0de1m0rt () gmail com>
Date: Fri, 21 Nov 2014 14:28:56 -0500
Hello. Right now on my Snorts I do not have the TCP port 443 in the HTTP_PORTS portvar or in the http_inspect_server port lists. But do you think I should? Sometimes I have the malwares use 443 but not encrypted at all and it would be nice to be able to use http_inspect buffers and have the PAF. I also have 'noinspect_encrypted' on my SSL preprocessor configurations so I am thinking that if I put 443 in for http_inspect it won't be a big deal because I won't do inspection after success SSL handshake is detected right??? I am curious what other people do and there reasoning for this. Have you ever thought about this? I dont' see the port 443 in the default config that comes with snort so I am worried about doing it. How will it impact performance? Thanks && Cheers! L0rd C.
------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Do you have port 443 in $HTTP_PORTS and http_inspect_server? L0rd Ch0de1m0rt (Nov 21)
- Re: Do you have port 443 in $HTTP_PORTS and ttp_inspect_server? Joel Esler (Nov 21)