[Snort-users] Flexible Response: Heads up

Abe L. Getchell abegetchell at ...5959...
Tue Jan 21 08:09:06 EST 2003


Hi Bob,
	Just out of curiosity, what was the impact on performance of
both the firewall and the Snort box while this was happening?  Did you
happen to do a top or vmstat while the loop was occurring?

Thanks,
Abe

--
Abe L. Getchell
Security Engineer
abegetchell at ...5959...

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Bob
McDowell
Sent: Tuesday, January 21, 2003 9:49 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Flexible Response: Heads up




I cleverly got my iptables firewall stuck in a loop last night using
flexible response.  It didn't occur to me at the time, but do not set
the 'bad traffic' rule for 'tcp port zero' to reset.
The end result was one bad packet followed by iptables and snort having
a war to see who could spam my logs the most.  I've never seen a screen
scroll so fast...



Bob McDowell 
IS Specialist 
Cox HealthPlans, LLC 
417.269.2848 





More information about the Snort-users mailing list