[Snort-users] Snort 2.0.4 CPU Utilization\Optimization
mkettler at ...4108...
Fri Nov 21 08:44:04 EST 2003
At 03:27 AM 11/21/2003, Edin Dizdarevic wrote:
>Deactivate ports you're not using.
>Port 53 -> DNS is using UDP, AFAIK Stream4_reassemble is for TCP only.
DNS can be done over TCP as well as UDP, although TCP is much less common
most DNS servers support both. Usually TCP is only used for larger queries
like large zone transfers.
It's also a preferred connection method when exploiting DNS servers, since
it's easier to get a shell on a two-way connection.
Unless you've got port 53/tcp filtered at your firewall, definitely keep
stream4 on port 53.
More information about the Snort-users