[Snort-users] Pulled Pork

Jeremy Hoel jthoel at ...11827...
Tue Oct 30 20:49:22 EDT 2012


Now that's a funny idea. Ha!
On Oct 30, 2012 6:28 PM, "waldo kitty" <wkitty42 at ...14940...> wrote:

> On 10/30/2012 16:25, Joel Esler wrote:
> > On Oct 30, 2012, at 12:02 PM, waldo kitty wrote:
> >> On 10/30/2012 10:55, Joel Esler wrote:
> >>
> >>> We have the 15 minute delay in place, as there are some people who
> like to
> >>> download the entire ruleset every 5 seconds.
> >>
> >> i highly suspect that these are folks with bad cron entries... you'd
> think
> >> they'd be aware of the problem but obviously
> >>
> >> 1) they are not OR
> >> 2) they do not care OR
> >> 3) they are trying to cause problems ie: (d)dos anyone?
> >
> > I believe it's #1. They don't know the problem exists. I've written a
> few of
> > them, and a couple of them have corrected the issue, we have one who
> > acknowledged the problem and is going to fix it (don't know when),
>
> not trying to be nosy but this is out of how many unique oinkcodes abusing
> the
> services like this?
>
> > and some that haven't acknowledged at all.
> >
> > And some, whose emails just bounced.
>
> i'd bet that if those oinkcodes were disabled they'd wake up... or maybe
> feed
> them a "rules archive" with a file inside that states the problem, that
> their
> registered email address is no longer valid and why the code has been set
> to
> redirect to this non-rules archive ;)
>
> HA! or even a rule or rules that alerts on traffic and has a message that
> would
> point out to them the problem... if they are watching their snort output,
> that
> would definitely get their attention ;) ;) ;)
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_sfd2d_oct
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121031/9a6d4653/attachment.html>


More information about the Snort-users mailing list