[Bro] Bro and unusual http ports
Seth Hall
seth at icir.org
Mon Nov 19 19:07:40 PST 2012
On Nov 19, 2012, at 5:55 AM, C. L. Martinez <carlopmart at gmail.com> wrote:
> Interesting ... Seth, is it possible to add port ranges and standalone
> ports too at the same time? Or is it needed to define every http
> port? For example:
>
> add dpd_config[ANALYZER_HTTP]$ports[3001/tcp];
You would need to add each port individually. Why would you want to add large swaths of ports though? Port number is only one of the heuristics used to find which analyzer to use on a connection.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/