[Oisf-devel] UDP rule triggering on wrong port
Chris Wakelin
c.d.wakelin at reading.ac.uk
Wed Mar 30 14:05:23 UTC 2011
On 30/03/11 15:00, Victor Julien wrote:
>>> alert udp $HOME_NET any -> $EXTERNAL_NET 1024: ...
>> which should only match on destination port 1024.
>
> Actually, no. 1024: is a short way of writing 1024 and up. So it should
> match on any unprivileged port: 1024-65535.
>
Ah! You know, I'd not even noticed the ":"! OK, I guess I better just
disable the rule for too many false positives (at least while we don't
have the resources to crack down on filesharers unless we get a
take-down request).
Best Wishes,
Chris
--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 6AF, UK Fax: +44 (0)118 975 3094
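
The difference between `1024` and `1024:` that Victor describes above, as an added example that is not part of the original message and is not Suricata's own parser: a small Python matcher for a subset of the rule port syntax (`any`, `N`, `N:`, `:M`, `N:M`, with an optional leading `!`). The function names are hypothetical, and reading `:M` as "0 up to M" is an assumption.

```python
MAX_PORT = 65535


def parse_port_spec(spec):
    """Parse one port field into (negated, low, high). Subset of the syntax only."""
    spec = spec.strip()
    negated = spec.startswith("!")
    if negated:
        spec = spec[1:].strip()
    if spec == "any":
        low, high = 0, MAX_PORT
    elif ":" in spec:
        lo_s, hi_s = spec.split(":", 1)
        low = int(lo_s) if lo_s else 0          # ":M" read as 0..M (assumption)
        high = int(hi_s) if hi_s else MAX_PORT  # "N:" means N and up
    else:
        low = high = int(spec)                  # bare number: exactly one port
    if not 0 <= low <= high <= MAX_PORT:
        raise ValueError("bad port spec: %r" % spec)
    return negated, low, high


def port_matches(spec, port):
    """True if the port satisfies the port field of a rule header."""
    negated, low, high = parse_port_spec(spec)
    return (low <= port <= high) != negated


def dest_port_span(rule_header):
    """Count how many destination ports a rule header covers.

    Expects: action proto src sport direction dst dport ...
    """
    dport = rule_header.split()[6]
    negated, low, high = parse_port_spec(dport)
    covered = high - low + 1
    return (MAX_PORT + 1 - covered) if negated else covered


if __name__ == "__main__":
    # Header taken from the thread; the second line is a constructed variant.
    for header in ("alert udp $HOME_NET any -> $EXTERNAL_NET 1024: ...",
                   "alert udp $HOME_NET any -> $EXTERNAL_NET 1024 ..."):
        print(dest_port_span(header), "destination ports:", header)
```

A span check like `dest_port_span` is a quick way to spot rules whose port field is much wider than the reader assumed before deciding whether to tune or disable them.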