[Bro] BPF?

Vlad Grigorescu vladg at cmu.edu
Thu Jan 16 07:53:43 PST 2014


Would it be sufficient to disable the SSL analyzer? That way you don't have to play the port shell game, but you don't get an ssl.log or any SSL-related notices, if that's your concern.

  --Vlad

On Jan 16, 2014, at 10:40 AM, Mike Patterson <mike.patterson at uwaterloo.ca> wrote:

> If you’re anxious to avoid any SSL traffic based on port exclusions, you might consider other well-known ports - 587, 465, etc.
> 
> Mike
> 
> On Jan 16, 2014, at 10:39 AM, George Insko <ginsko3 at gmail.com> wrote:
> 
>> Good call. Thanks. 
>> 
>> 
>> On Thu, Jan 16, 2014 at 10:33 AM, Seth Hall <seth at icir.org> wrote:
>> 
>> On Jan 16, 2014, at 10:12 AM, George Insko <ginsko3 at gmail.com> wrote:
>> 
>>> #Nothing from src host to dst port
>>> !(src host 0.0.0.0/0 && dst port 443) &&
>>> Does that make sense and will it work? Do you all have any other ways to permanently filter traffic?
>> 
>> I think you meant to do…
>> 
>> (not src port 443 and not dst port 443)
>> 
>>  .Seth
>> 
>> 
>> --
>> Seth Hall
>> International Computer Science Institute
>> (Bro) because everyone has a network
>> http://www.bro.org/
>> 
>> 
>> 
>> 
>> -- 
>> George Insko
>> Email:    ginsko3 at gmail.com
>> Twitter: @ginsko3
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> 
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
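
Added example (not part of the original thread or of Bro): a Python sketch that builds the two-sided exclusion Seth suggests for a list of ports, including the extra ones Mike mentions, and models on constructed packets why an exclusion that names only "dst port" still passes the server's replies. The function names and sample packets are assumptions made for illustration.

```python
# Added illustration, not code from the thread. All packets are constructed samples.
from typing import Iterable, List, NamedTuple, Set


class Pkt(NamedTuple):
    src_port: int
    dst_port: int


def exclusion_filter(ports: Iterable[int]) -> str:
    """Build a pcap expression that excludes both directions of every listed port."""
    uniq = sorted(set(ports))
    if not uniq:
        raise ValueError("at least one port is required")
    for p in uniq:
        if not 1 <= p <= 65535:
            raise ValueError(f"invalid port: {p}")
    return " and ".join(f"(not src port {p} and not dst port {p})" for p in uniq)


def passes_dst_only(pkt: Pkt, ports: Set[int]) -> bool:
    """Model of an exclusion that names only 'dst port N'."""
    return pkt.dst_port not in ports


def passes_both(pkt: Pkt, ports: Set[int]) -> bool:
    """Model of 'not src port N and not dst port N'."""
    return pkt.src_port not in ports and pkt.dst_port not in ports


def surviving(pkts: Iterable[Pkt], rule, ports: Iterable[int]) -> List[Pkt]:
    """Return the packets the sensor would still receive under the given rule."""
    wanted = set(ports)
    return [p for p in pkts if rule(p, wanted)]


SAMPLE = [
    Pkt(51000, 443),  # client -> HTTPS server
    Pkt(443, 51000),  # HTTPS server -> client (reply)
    Pkt(51001, 587),  # client -> mail submission
    Pkt(587, 51001),  # mail submission reply
    Pkt(51002, 80),   # client -> HTTP server
    Pkt(80, 51002),   # HTTP reply
]

if __name__ == "__main__":
    print(exclusion_filter([443, 465, 587]))
    print("dst-only leaves:", surviving(SAMPLE, passes_dst_only, [443]))
    print("two-sided leaves:", surviving(SAMPLE, passes_both, [443, 465, 587]))
```
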
