[Replies are inline]
Quoting Jesper Skou Jensen <jesper.skou.jensen@uni-c.dk>:
1. The user client is on the outside of our network and is accessing one
of our servers on the inside.
No No No. you've got it backwards.
2. This rule must be triggered because of a already established
connection, like this.
Initial connnection
outside_client:highport -> inside_server:80
Response when user downloads
inside_server:80 -> outside_client:highport
Correct?
No. The session sets up as "inside_server:high_port ->
outside_client:80". It's probably one of your workstations, not one
of your servers.
That is exactly what is happening. A outside user is downloading a word
document from one of the servers.
No. An *inside* user is downloading a word doc from an *outside* server.
Thanks for clearing that up for me.
It seems I really didn't do that very well. ;/
jp
--
Framework? I don't need no stinking framework!
----------------------------------------------------------------
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com
-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
