Honeypots mailing list archives
Re: [Fwd: Re: WMF Exploit]
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 04 Jan 2006 12:42:33 -0600
On Wed, 2006-01-04 at 13:12 +0100, Stefan Kelm wrote:
I thought about playing with this snort rule on Roo-189 but am reluctant to set "flow_depth 0" within snort.conf. Has anyone tried something similar?
We're running it with flow_depth 0 on dedicated Snort instances that only run those few rules. That way Snort doesn't turn into a brick on average utilized networks. Performance impact of those few rules with flow_depth is very low. Cheers, Frank
http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/sigs/CURRENT_EVENTS/CURRENT_WMF_Exploit?only_with_tag=HEAD&view=markup
-- It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports.
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- [Fwd: Re: WMF Exploit] Stefan Kelm (Jan 04)
- Re: [Fwd: Re: WMF Exploit] Frank Knobbe (Jan 04)