Snort mailing list archives
Re: SSH between subnets
From: Cody Brugh <cbrugh () gmail com>
Date: Mon, 15 Sep 2014 14:32:59 -0400
Joel,

Can you point me in the right direction for BPF information/setup? I have never done anything with BPF and am not sure what exactly it does.

On Mon, Sep 15, 2014 at 2:29 PM, Joel Esler (jesler) <jesler () cisco com> wrote:

> Try setting a BPF for ignoring the SSH port.
>
> On Sep 15, 2014, at 11:13 AM, Cody Brugh <cbrugh () gmail com> wrote:
>
>> Hello,
>>
>> I am trying to SSH/rsync files between two subnets (10.2.x.x/16 and 10.20.1.x/24). Snort is running in-line on the 10.2.x.x subnet and not on the other. What I am seeing is my rsync goes really slow, and if I log in to the Snort box I see CPU at 90-100% pegged... if I stop the rsync, the CPU goes back to normal.
>>
>> I have the SSH pre-processor stuff disabled and still see this behavior. Does anyone happen to know what could be causing this?
>>
>> Thanks,
>> Cody
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- SSH between subnets Cody Brugh (Sep 15)
- Re: SSH between subnets Joel Esler (jesler) (Sep 15)
- Re: SSH between subnets Cody Brugh (Sep 15)
- Re: SSH between subnets Cody Brugh (Sep 15)
- Re: SSH between subnets Cody Brugh (Sep 15)
- Re: SSH between subnets Joel Esler (jesler) (Sep 15)