Hi
Would you need to apply this fix every time you modified the policy
using the console? Or is it just a 'hidden' option that is not
configurable by the interactive console?
(But I'm very pleased to see that the option is there at all!)
Robert
| Robert Turner
| Intruder-NET Senior Analyst
| [EMAIL PROTECTED]
Brian Fitch (ISSAtlanta) wrote:
> Sent: 30 November 2000 19:28
> To: 'Marcel Engel'; [EMAIL PROTECTED]
> Subject: RE: http-attack-signatures on another TCP port
>
> Open your policy with a text editor (like WordPad).
>
> Scroll down to the very bottom, to this area:
>
> [\template\protocols\];
> http =S 80;
> ftp =S 21;
> smtp =S 25;
> pop =S 109-110;
> imap =S 143 220;
> nntp =S 119;
>
> After 80, add a space and 8080 so it will look like this:
>
> http =S 80 8080;
>
> Save the policy (note you can do this with current.policy on the
> sensor or with your console-based policies) and apply it to the sensor.
>
> Your sensor should now look for http_* signatures over port
> 8080 as well as 80.
>
> Greetings,
>
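
The manual edit described in the quoted message can be scripted and re-checked. The following is an added example, not part of the original thread and not an ISS tool: it assumes only the `<name> =S <ports>;` entry form visible in the quoted excerpt, and the function names and sample text are constructed for illustration.

```python
import re

# Constructed sample: the protocols section as quoted in the message above.
SAMPLE_POLICY = """\
[\\template\\protocols\\];
http =S 80;
ftp =S 21;
smtp =S 25;
pop =S 109-110;
imap =S 143 220;
nntp =S 119;
"""

# Assumption: every entry looks like "<name> =S <ports>;" as in the excerpt;
# nothing else about the policy file format is relied on here.
ENTRY = re.compile(r"^(\s*)(\w+)\s*=S\s+([\d\s-]+);\s*$")

def expand(ports):
    """Turn '109-110' or '143 220' into a set of port numbers."""
    result = set()
    for token in ports.split():
        low, _, high = token.partition("-")
        result.update(range(int(low), int(high or low) + 1))
    return result

def protocol_ports(policy_text):
    """Map each protocol name to the ports its signatures are applied to."""
    table = {}
    for line in policy_text.splitlines():
        match = ENTRY.match(line)
        if match:
            table[match.group(2)] = expand(match.group(3))
    return table

def add_port(policy_text, protocol, port):
    """Return the text with `port` appended to `protocol` unless already covered."""
    out = []
    for line in policy_text.splitlines():
        match = ENTRY.match(line)
        if match and match.group(2) == protocol and port not in expand(match.group(3)):
            line = f"{match.group(1)}{protocol} =S {match.group(3).strip()} {port};"
        out.append(line)
    return "\n".join(out) + "\n"
```

Running `protocol_ports` over a saved policy after each console edit shows whether the extra port is still listed for `http`.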