Re: shellcode error

[Erek Adams <erek () theadamsfamily net>]

On Thu, 30 May 2002, Hugo Ferr wrote:

> I would like to have some understanding regarding the following:
> 1. Why should I define ports for shellcode rules?

Think in terms of maintence and coding.  If you can parse a variable, and you
have it in 500 places, you change one place and all 500 change.  If you need
to change one rule, it's "easier" to work with the exceptions than with the
"rule".  The old 'hit the larger target' idea...

> 2. What is the exact syntax? (var $SHELLCODE_PORTS)

[root@foofus]/local/build/snort#grep SHELLCODE snort.conf
# Ports you want to look for SHELLCODE on.  (By default, not port 80)
var SHELLCODE_PORTS !80

> P.S> I 'm big fan snort of snort, but I really feel like documentaion should
> be improved. (Or is it a topic for mail list dedicated for rants :-) ?)

As for improvements, we're all ears.  I'd suggest another thread on this and
have you explain what you mean a bit more.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users