Re: Hello Snort Team

["Joel Esler (jesler)" <jesler () cisco com>]

Technically, http can be on any port. So, you can either use openappid to identify services instead of ports, or 
Snort3, which is service aware by default, but has no ruleset yet.  

We've added that many ports to HTTP_PORTS as we've seen exploit activity in the wild over those ports.  

--
Sent from my iPhone

> On May 21, 2017, at 14:55, J Doe <general () nativemethods com> wrote:
>
>
> > On May 21, 2017, at 2:49 PM, Joel Esler (jesler) <jesler () cisco com> wrote:
> >
> > Looks like the default snort.conf to me.  
>
> Hi Joel,
>
> Oh, my apologies.  I have been using Snort (earlier version), on a low traffic web server and while I explicitly set 
> HTTP_PORTS to 80 and 443, I didn't recall that the default config has a more extensive port list.
>
> Some of the port numbers listed don't seem to correspond to services that would speak HTTP/S, or am I incorrect in 
> that assessment ?
>
> Thanks,
>
> - J

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!