Snort mailing list archives
Flex-response & CodeRed
From: Mark Wiater <mwiater () bayserve net>
Date: Mon, 13 Aug 2001 06:31:42 -0400
Hi all, Has anyone using flex response to stop code red seen any instances of the slimely bug get through to the web servers? I'm using the same process on different technology (just haven't upgraded to 1.8 yet), send a RST after detection of the trigger, default.ida. I'm using an arrowpoint load balancer to achieve the same results. The bad news is that one of the versions CR still sends the second HTTP packet, even after the reset. Could one of you folks employing flex response tell me I'm nuts... or perhaps not. I only see about ~150 get through out of about 6000 attempts... Thanks Mark _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Flex-response & CodeRed Mark Wiater (Aug 13)