Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Flexible Response: Heads up

From: "Abe L. Getchell" <abegetchell () qx net>
Date: Tue, 21 Jan 2003 11:08:24 -0500
Hi Bob,
        Just out of curiosity, what was the impact on performance of
both the firewall and the Snort box while this was happening?  Did you
happen to do a top or vmstat while the loop was occurring?

Thanks,
Abe

--
Abe L. Getchell
Security Engineer
abegetchell () qx net

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Bob
McDowell
Sent: Tuesday, January 21, 2003 9:49 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Flexible Response: Heads up




I cleverly got my iptables firewall stuck in a loop last night using
flexible response.  It didn't occur to me at the time, but do not set
the 'bad traffic' rule for 'tcp port zero' to reset.
The end result was one bad packet followed by iptables and snort having
a war to see who could spam my logs the most.  I've never seen a screen
scroll so fast...



Bob McDowell 
IS Specialist 
Cox HealthPlans, LLC 
417.269.2848 



-------------------------------------------------------
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: