Snort mailing list archives
RE: Flexible Response: Heads up
From: "Abe L. Getchell" <abegetchell () qx net>
Date: Tue, 21 Jan 2003 11:08:24 -0500
Hi Bob, Just out of curiosity, what was the impact on performance of both the firewall and the Snort box while this was happening? Did you happen to do a top or vmstat while the loop was occurring? Thanks, Abe -- Abe L. Getchell Security Engineer abegetchell () qx net -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Bob McDowell Sent: Tuesday, January 21, 2003 9:49 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Flexible Response: Heads up I cleverly got my iptables firewall stuck in a loop last night using flexible response. It didn't occur to me at the time, but do not set the 'bad traffic' rule for 'tcp port zero' to reset. The end result was one bad packet followed by iptables and snort having a war to see who could spam my logs the most. I've never seen a screen scroll so fast... Bob McDowell IS Specialist Cox HealthPlans, LLC 417.269.2848 ------------------------------------------------------- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Flexible Response: Heads up Bob McDowell (Jan 21)
- RE: Flexible Response: Heads up Abe L. Getchell (Jan 21)