[Snort-users] Aurora Exploit Attempt Alert One Hour Delay

Eoin Miller eoin.miller at ...14586...
Thu Jan 23 17:32:22 EST 2014


On 1/23/14 4:28 PM, LaTonya Hall wrote:
> There is about a one hour delay from exploit attempt to snort
> alert...any ideas?
>
> *-LaTonya*
>
This happens with Suricata sometimes, there is some timeout value for
sessions that don't get closed then the open session finally gets reaped
and the alerts flushed out. Don't know if the same happens in Snort (or
if you are running Snort or Suricata).

-- Eoin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140123/7f984ecb/attachment.html>


More information about the Snort-users mailing list