ginsko3 at gmail.com
Thu Jan 16 08:58:06 PST 2014
I think just the amount of traffic coming in is my issue. So, I am trying
to block things I can do little about. Hoping in vain that this will let me
focus on the sloppy hackers and the low-hanging fruit.
This is not my primary IDS so missing some things is OK.
On Thu, Jan 16, 2014 at 10:53 AM, Vlad Grigorescu <vladg at cmu.edu> wrote:
> Would it be sufficient to disable the SSL analyzer? That way you don't
> have to play the port shell game, but you don't get an ssl.log or any
> SSL-related notices, if that's your concern.
> On Jan 16, 2014, at 10:40 AM, Mike Patterson <mike.patterson at uwaterloo.ca> wrote:
> > If you’re anxious to avoid any SSL traffic based on port exclusions, you might consider other well-known ports - 587, 465, etc.
> > Mike
> > On Jan 16, 2014, at 10:39 AM, George Insko <ginsko3 at gmail.com> wrote:
> >> Good call. Thanks.
> >> On Thu, Jan 16, 2014 at 10:33 AM, Seth Hall <seth at icir.org> wrote:
> >> On Jan 16, 2014, at 10:12 AM, George Insko <ginsko3 at gmail.com> wrote:
> >>> #Nothing from src host to dst port
> >>> !(src host 0.0.0.0/0 && dst port 443) &&
> >>> Does that make sense and will it work? Do you all have any other ways to permanently filter traffic?
> >> I think you meant to do…
> >> (not src port 443 and not dst port 443)
> >> .Seth
> >> --
> >> Seth Hall
> >> International Computer Science Institute
> >> (Bro) because everyone has a network
> >> http://www.bro.org/
> >> --
> >> George Insko
> >> Email: ginsko3 at gmail.com
> >> Twitter: @ginsko3
> >> _______________________________________________
> >> Bro mailing list
> >> bro at bro-ids.org
> >> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
Email: ginsko3 at gmail.com
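
The two filter expressions quoted in this thread, modelled in Python over constructed packets. This is an added example, not code from any poster or from Bro. It assumes `src host 0.0.0.0/0` is meant to match every source, and it extends the port 443 case to the other ports mentioned in the thread (587, 465).

```python
from collections import namedtuple

# Constructed sample traffic (not from the thread): one HTTPS flow,
# one SMTP submission flow, one plain HTTP flow.
Pkt = namedtuple("Pkt", "src sport dst dport")

def flow(client, cport, server, sport, n=3):
    """Return n request packets and n reply packets for one connection."""
    out = []
    for _ in range(n):
        out.append(Pkt(client, cport, server, sport))  # client -> server
        out.append(Pkt(server, sport, client, cport))  # server -> client
    return out

PACKETS = (flow("10.0.0.5", 51000, "192.0.2.10", 443)
           + flow("10.0.0.6", 51001, "192.0.2.25", 587)
           + flow("10.0.0.7", 51002, "192.0.2.80", 80))

def one_way(pkt):
    """Model of '!(src host 0.0.0.0/0 && dst port 443)'.
    Assumption: the host term matches any source address."""
    return not (True and pkt.dport == 443)

def both_ways(pkt, ports=(443,)):
    """Model of '(not src port P and not dst port P)' for each P in ports."""
    return all(pkt.sport != p and pkt.dport != p for p in ports)

def leaked(packets, keep, ports):
    """Packets that pass the filter but still belong to an excluded port."""
    return [p for p in packets
            if keep(p) and (p.sport in ports or p.dport in ports)]

def bpf(ports):
    """Render the both-directions exclusion; 'port' matches src or dst."""
    return " and ".join(f"not port {p}" for p in ports)

if __name__ == "__main__":
    # The one-way form still passes the server-to-client half of the flow.
    for p in leaked(PACKETS, one_way, (443,)):
        print("still captured:", p)
    print(bpf((443, 587, 465)))
```

With the one-way expression, the sensor keeps receiving reply packets with source port 443, so it sees half-connections instead of no SSL traffic at all.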