Snort mailing list archives
Stream5 confusion
From: "Lay, James" <james.lay () wincofoods com>
Date: Tue, 28 Dec 2010 11:32:54 -0700
Hey Team,
So...I'm doing my upgrade to 2.9.0.3, a perfect time to audit my .conf
files. Maybe I'm overthinking, but I think I'm confused on the
reasons/differences for stream5 ports client/server/both.
The default config has things like:
ports client 21 22 23 ...
ports both 80 311 443 ...
Pretending that we don't have ftp, http, and telnet preprocessors,
wouldn't one want to put things like 21, 22, and 23 in as both or
server? As I understand it, this is how it works, with port 80 as an
example:
ports server 80, reassemble any local -> remote port 80
ports client 80, reassemble local port 80 -> any remote port
ports both 80, reassemble local port 80 -> any remote port or local port 80 -> any remote port
So why would one put port 21 in ports client since the chances of a
client port being 21 connecting to a remote server port 21 are slim to
nil? Any hints would be most welcome...thank you.
James Lay
IT Security Analyst
WinCo Foods
208-672-2014 Office
208-559-1855 Cell
650 N Armstrong Pl.
Boise, Idaho 83704
