[Snort-devel] [ snort-Bugs-525857 ] Some packet escapes

noreply at ...12... noreply at ...12...
Thu Mar 14 19:34:10 EST 2002


Bugs item #525857, was opened at 2002-03-05 00:12
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=525857&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: Some packet escapes

Initial Comment:
I placed a "ssh hunter killer" on one of my router. 
That means i configured a snort to look out for ssh signatures in 
packets and send an icmp_rst if found. 
Everything works okay just for one bit of a problem. 
If someone tries to ssh to outer world it's connection is resetted, 
but if he tries 20 30 times very fast, one connection goes through. 
I'm only testing for ssh at the beginning of the connection because 
the rest of it it's encrypted. 
Is it a bug? is it because the agregated traffic is too big? ( aprox 8 
mbps down and 8 up) 
The computer is a Intel p3 800mhz with 512 RAM and Linux 
Slackware 8.0

Thanks



----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=525857&group_id=3357




More information about the Snort-devel mailing list