[Snort-users] Snort 2.0.4 CPU Utilization\Optimization

Edin Dizdarevic edin.dizdarevic at ...7509...
Fri Nov 21 08:52:04 EST 2003


Right, that was a bad example :)

It took me an hour to wake up. I shoul drink coffee with guarana in the
morning from now on... ;)

Regards,
Edin

Matt Kettler schrieb:
> At 03:27 AM 11/21/2003, Edin Dizdarevic wrote:
> 
>> Stream4_reassemble:
>> Deactivate ports you're not using.
>> Port 53 -> DNS is using UDP, AFAIK Stream4_reassemble is for TCP only.
> 
> 
> DNS can be done over TCP as well as UDP, although TCP is much less 
> common most DNS servers support both. Usually TCP is only used for 
> larger queries like large zone transfers.
> 
> It's also a preferred connection method when exploiting DNS servers, 
> since it's easier to get a shell on a two-way connection.
> 
> Unless you've got port 53/tcp filtered at your firewall, definitely keep 
> stream4 on port 53.
> 

-- 
Edin Dizdarevic





More information about the Snort-users mailing list