[Snort-users] Excessive Read Requests

Russ Combs rcombs at ...1935...
Mon Nov 1 14:11:22 EDT 2010


On Mon, Nov 1, 2010 at 1:41 PM, Lay, James <james.lay at ...15009...> wrote:

> Thanks Russ…would love to see where it’s at in the source as since 2.9.0.1
> is out I may as well knock it out since I’ll have to compile it anyways J
>

Look for DCE2_READ__QUEUE_SIZE in dynamic-preprocessors/dcerpc2/dce2_smb.c.

>
>
> James
>
>
>
> *From:* Russ Combs [mailto:rcombs at ...1935...]
> *Sent:* Monday, November 01, 2010 11:26 AM
> *To:* Lay, James
> *Cc:* snort-users at lists.sourceforge.net
> *Subject:* Re: [Snort-users] Excessive Read Requests
>
>
>
>
>
> On Mon, Nov 1, 2010 at 1:02 PM, Lay, James <james.lay at ...15009...>
> wrote:
>
> So I just got one of these today (YAY):
>
>
>
> [133:19:1] (dcerpc2) SMB - Excessive Read requests (>10) with pending Read
> responses [Priority: 3] {TCP} 10.21.10.227:3216 -> 10.1.2.52:139
>
>
>
> Question…how does one up that 10 to say 20?   Is there an dcerpc2 option
> for it, cause I couldn’t seem to find it in the README.dcerpc2.  Anything
> besides thresholding it out?  Thanks.
>
>
> This is a dcerpc2 hard limit on the number of simultaneous read requests.
> There is nothing configurable here.  I can point you to the define in the
> source if you need to go that route.  Otherwise you will need to squelch
> them.
>
>
>
> James Lay
>
>
>
> ------------------------------------------------------------------------------
> Nokia and AT&T present the 2010 Calling All Innovators-North America
> contest
> Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in
> marketing
> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
> http://p.sf.net/sfu/nokia-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>
> ------------------------------------------------------------------------------
> Nokia and AT&T present the 2010 Calling All Innovators-North America
> contest
> Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in
> marketing
> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
> http://p.sf.net/sfu/nokia-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20101101/c04bab5a/attachment.html>


More information about the Snort-users mailing list