Snort mailing list archives

Re: Snort 2.0.4 CPU Utilization\Optimization

From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Fri, 21 Nov 2003 17:50:48 +0100


Right, that was a bad example :)

It took me an hour to wake up. I shoul drink coffee with guarana in the
morning from now on... ;)

Regards,
Edin

Matt Kettler schrieb:

At 03:27 AM 11/21/2003, Edin Dizdarevic wrote:
Stream4_reassemble:
Deactivate ports you're not using.
Port 53 -> DNS is using UDP, AFAIK Stream4_reassemble is for TCP only.
DNS can be done over TCP as well as UDP, although TCP is much lesscommon most DNS servers support both. Usually TCP is only used forlarger queries like large zone transfers.
It's also a preferred connection method when exploiting DNS servers,since it's easier to get a shell on a two-way connection.
Unless you've got port 53/tcp filtered at your firewall, definitely keepstream4 on port 53.


--
Edin Dizdarevic



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort 2.0.4 CPU Utilization\Optimization Mark Ewert (Nov 20)
- Re: Snort 2.0.4 CPU Utilization\Optimization Edin Dizdarevic (Nov 21)
  - Re: Snort 2.0.4 CPU Utilization\Optimization Edin Dizdarevic (Nov 21)
  - Re: Snort 2.0.4 CPU Utilization\Optimization Matt Kettler (Nov 21)
    - Re: Snort 2.0.4 CPU Utilization\Optimization Edin Dizdarevic (Nov 21)
- RE: Snort 2.0.4 CPU Utilization\Optimization Tim (Nov 21)
- <Possible follow-ups>
- RE: Snort 2.0.4 CPU Utilization\Optimization Mark Ewert (Nov 20)
- RE: Snort 2.0.4 CPU Utilization\Optimization Kreimendahl, Chad J (Nov 20)
- RE: Snort 2.0.4 CPU Utilization\Optimization Mark Ewert (Nov 21)
- RE: Snort 2.0.4 CPU Utilization\Optimization Mark Ewert (Nov 21)
- RE: Snort 2.0.4 CPU Utilization\Optimization Kreimendahl, Chad J (Nov 21)
- Re: Snort 2.0.4 CPU Utilization\Optimization Jason Haar (Nov 21)