Snort mailing list archives
Re: port 443 in HTTP port variable list
From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 10 Jul 2015 12:41:38 -0400
On 07/10/2015 11:36 AM, Harley H wrote:
Have many of you added port 443 to the HTTP port variable? I see a lot of malware using plaintext HTTP over port 443 and am wondering if it's regular practice to add port 443 to the list.
if you are seeing plain text traffic over port 443, then someone or something is co-opting the fact that you are allowing that port inbound and/or outbound access... P2P, some music/video streaming apps and malware are coded to specifically get around network administrative restrictions... as each network is different, if you are seeing plain text traffic on 443, then yes, i would add it to your "portvar HTTP_PORTS" list as well as the list of ports the http preprocessor uses... not doing so is letting that traffic pass without inspection and you could be allowing compromised data out or (other) malware in... just like with having sex, an unprotected access point is a point of possible infiltration, infestation and compromise ;) -- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list* unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- port 443 in HTTP port variable list Harley H (Jul 10)
- Re: port 443 in HTTP port variable list waldo kitty (Jul 10)
- Re: port 443 in HTTP port variable list Harley H (Jul 10)
- Re: port 443 in HTTP port variable list Jefferson, Shawn (Jul 10)
- Re: port 443 in HTTP port variable list Harley H (Jul 10)
- Re: port 443 in HTTP port variable list Jefferson, Shawn (Jul 10)
- Re: port 443 in HTTP port variable list Harley H (Jul 10)
- Re: port 443 in HTTP port variable list waldo kitty (Jul 10)