mike.patterson at uwaterloo.ca
Thu Jan 16 07:40:05 PST 2014
If you’re anxious to avoid any SSL traffic based on port exclusions, you might consider other well-known ports - 587, 465, etc.
On Jan 16, 2014, at 10:39 AM, George Insko <ginsko3 at gmail.com> wrote:
> Good call. Thanks.
> On Thu, Jan 16, 2014 at 10:33 AM, Seth Hall <seth at icir.org> wrote:
> On Jan 16, 2014, at 10:12 AM, George Insko <ginsko3 at gmail.com> wrote:
> > #Nothing from src host to dst port
> > !(src host 0.0.0.0/0 && dst port 443) &&
> > Does that make sense and will it work? Do you all have any other ways to permanently filter traffic?
> I think you meant to do…
> (not src port 443 and not dst port 443)
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> George Insko
> Email: ginsko3 at gmail.com
> Twitter: @ginsko3
> Bro mailing list
> bro at bro-ids.org
More information about the Bro