Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Source quenchyness

From: "Chris Grout" <cgrout () s4r com>
Date: Mon, 14 Jan 2002 18:11:08 -0800
Dooh....  Ignore my last.  I just re-read your email and somehow did not
comprehend this part:


...all from one of their NT servers sitting on the same subnet as mine.


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of a.h.s. boy
Sent: Monday, January 14, 2002 5:43 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Source quenchyness


I have a box co-located at a friend's company, and have Snort/ACID setup
on it (with HOME_NET restricted to only my machine...I'm not concerned
with monitoring all their traffic).

I get about 5-6000 ICMP Source Quench alerts a day(!)...all from one of
their NT servers sitting on the same subnet as mine. I'm not sure what
role the NT box serves for them, but it certainly is chatty with my box.

<snip>


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: