[Snort-users] Source quenchyness

Chris Grout cgrout at ...3649...
Mon Jan 14 18:12:02 EST 2002


Dooh....  Ignore my last.  I just re-read your email and somehow did not
comprehend this part:

>...all from one of their NT servers sitting on the same subnet as mine.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of a.h.s. boy
Sent: Monday, January 14, 2002 5:43 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Source quenchyness


I have a box co-located at a friend's company, and have Snort/ACID setup
on it (with HOME_NET restricted to only my machine...I'm not concerned
with monitoring all their traffic).

I get about 5-6000 ICMP Source Quench alerts a day(!)...all from one of
their NT servers sitting on the same subnet as mine. I'm not sure what
role the NT box serves for them, but it certainly is chatty with my box.

<snip>





More information about the Snort-users mailing list