[Snort-users] Snort 2.0.4 CPU Utilization\Optimization
edin.dizdarevic at ...7509...
Fri Nov 21 08:52:04 EST 2003
Right, that was a bad example :)
It took me an hour to wake up. I shoul drink coffee with guarana in the
morning from now on... ;)
Matt Kettler schrieb:
> At 03:27 AM 11/21/2003, Edin Dizdarevic wrote:
>> Deactivate ports you're not using.
>> Port 53 -> DNS is using UDP, AFAIK Stream4_reassemble is for TCP only.
> DNS can be done over TCP as well as UDP, although TCP is much less
> common most DNS servers support both. Usually TCP is only used for
> larger queries like large zone transfers.
> It's also a preferred connection method when exploiting DNS servers,
> since it's easier to get a shell on a two-way connection.
> Unless you've got port 53/tcp filtered at your firewall, definitely keep
> stream4 on port 53.
More information about the Snort-users