[Snort-users] Stream4 and other stuff
cpw at ...440...
Fri Jun 29 15:53:03 EDT 2001
I'm getting extreme packet loss using Version 1.8-beta8 (Build 33).
Snort received 242899 packets and dropped 3692706(93.828%) packets

Breakdown by protocol:            Action Stats:
    TCP: 233890  (5.943%)         ALERTS: 203
    UDP: 7435    (0.189%)         LOGGED: 203
   ICMP: 762     (0.019%)         PASSED: 4900
    ARP: 0       (0.000%)
   IPv6: 0       (0.000%)

Running a tcpdump is clean (at a different time but with similar
load), no packets dropped.
LogMessage was called 9058 times prior to this with the message
WARNING: Fishy TWH from client!
Is there a way to identify the fishy client with some S:s->D:d in the
I'm running these preprocessors:
preprocessor unidecode: 80
preprocessor rpc_decode: 111
preprocessor bo: -nobrute
preprocessor portscan: $INTERNAL 5 3 $LOG/$SCAN
preprocessor portscan-ignorehosts: $IGNOREHOSTS
Phil Wood, cpw at ...440...