[Snort-users] Bad Traffic, Port

Josh Berry josh.berry at ...10221...
Wed Dec 24 14:43:01 EST 2003


Are you running Snort on the IPTables machine?  If so even though you are
blocking port 0 traffic, I believe that Snort can still see the traffic
that is coming at the box.  So, you are blocking port 0 but Snort reads
the traffic off of libpcap before it is denied by IPTables.

> Hallo,
>
> well, i did this via IPTables; doesn`t work.
>
> ----- Original Message -----
> From: "Stewart Larsen" <slarsen42 at ...1457...>
> To: "Martin Bündgens" <mb at ...10481...>
> Cc: <snort-users at lists.sourceforge.net>
> Sent: Wednesday, December 24, 2003 10:02 PM
> Subject: Re: [Snort-users] Bad Traffic, Port 0
>
>
> Well, if you check the SID,  it says to disallow UDP traffic on Port 0.
> http://www.snort.org/snort-db/sid.html?sid=525
>
>
> On Wed, 2003-12-24 at 17:34, Martin Bündgens wrote:
>> Re: [Snort-users] Problem with snort 2.1.0 and redhat 9Hallo,
>>
>> we got several DoS with SID 525 "BAD-TRAFFIC udp port  traffic".
>>
>> What can i do to close this problem. This is urgent. Thanks.
>>
>> Regards,
>> Martin Bündgens.
>>
>>
>>
>> -------------------------------------------------------
>> This SF.net email is sponsored by: IBM Linux Tutorials.
>> Become an expert in LINUX or just sharpen your skills.  Sign up for
>> IBM's
>> Free Linux Tutorials.  Learn everything from the bash shell to sys
>> admin.
>> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> --
> Stewart Larsen
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>


Thanks,
Josh Berry, CTO
LinkNet-Solutions
469-831-8543
josh.berry at ...10268...





More information about the Snort-users mailing list