[Snort-users] Snort 2.0.4 CPU Utilization\Optimization

Matt Kettler mkettler at ...4108...
Fri Nov 21 08:44:04 EST 2003


At 03:27 AM 11/21/2003, Edin Dizdarevic wrote:
>Stream4_reassemble:
>Deactivate ports you're not using.
>Port 53 -> DNS is using UDP, AFAIK Stream4_reassemble is for TCP only.

DNS can be done over TCP as well as UDP, although TCP is much less common 
most DNS servers support both. Usually TCP is only used for larger queries 
like large zone transfers.

It's also a preferred connection method when exploiting DNS servers, since 
it's easier to get a shell on a two-way connection.

Unless you've got port 53/tcp filtered at your firewall, definitely keep 
stream4 on port 53. 





More information about the Snort-users mailing list