[Bro] BPF?

Mike Patterson mike.patterson at uwaterloo.ca
Thu Jan 16 07:40:05 PST 2014


If you’re anxious to avoid any SSL traffic based on port exclusions, you might consider other well-known ports - 587, 465, etc.

Mike

On Jan 16, 2014, at 10:39 AM, George Insko <ginsko3 at gmail.com> wrote:

> Good call. Thanks. 
> 
> 
> On Thu, Jan 16, 2014 at 10:33 AM, Seth Hall <seth at icir.org> wrote:
> 
> On Jan 16, 2014, at 10:12 AM, George Insko <ginsko3 at gmail.com> wrote:
> 
> > #Nothing from src host to dst port
> > !(src host 0.0.0.0/0 && dst port 443) &&
> > Does that make sense and will it work? Do you all have any other ways to permanently filter traffic?
> 
> I think you meant to do…
> 
> (not src port 443 and not dst port 443)
> 
>   .Seth
> 
> 
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
> 
> 
> 
> 
> -- 
> George Insko
> Email:    ginsko3 at gmail.com
> Twitter: @ginsko3
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
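
Added example (not part of the original thread): a small Python model of the two filters discussed above, showing that excluding only `dst port 443` still passes the server-to-client half of each connection, and building a both-direction exclusion for the ports Mike mentions. The packet tuples and function names are constructed for illustration, and the first filter is modelled at its apparent intent (any source, destination port 443).

```python
# Constructed sample packets: (src_ip, src_port, dst_ip, dst_port). Not captured traffic.
PACKETS = [
    ("10.0.0.5", 51514, "192.0.2.10", 443),   # HTTPS request
    ("192.0.2.10", 443, "10.0.0.5", 51514),   # HTTPS response
    ("10.0.0.5", 40000, "192.0.2.25", 465),   # SMTPS request
    ("192.0.2.25", 465, "10.0.0.5", 40000),   # SMTPS response
    ("10.0.0.5", 33333, "192.0.2.53", 53),    # DNS query
]

def dst_only_filter(pkt, port=443):
    """Assumed intent of the first filter: drop any-source packets to dst port 443."""
    return pkt[3] != port

def both_directions_filter(pkt, ports=(443,)):
    """(not src port P and not dst port P), applied for every P in ports."""
    return all(pkt[1] != p and pkt[3] != p for p in ports)

def kept(predicate, packets=PACKETS, **kw):
    """Packets the sensor would still see under the given filter model."""
    return [p for p in packets if predicate(p, **kw)]

def build_exclusion(ports):
    """BPF text excluding each port in either direction ('port N' matches src or dst)."""
    ports = list(ports)
    if not ports:
        raise ValueError("no ports given")
    for p in ports:
        if not isinstance(p, int) or not 0 < p < 65536:
            raise ValueError(f"invalid port: {p!r}")
    return "not (" + " or ".join(f"port {p}" for p in sorted(set(ports))) + ")"

if __name__ == "__main__":
    # The dst-only model still passes the HTTPS response (src port 443).
    for pkt in kept(dst_only_filter):
        print("dst-only keeps:", pkt)
    # Excluding 443, 465 and 587 in both directions leaves only the DNS query.
    for pkt in kept(both_directions_filter, ports=(443, 465, 587)):
        print("both-directions keeps:", pkt)
    print(build_exclusion([443, 587, 465]))
```
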




