Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Flex-response & CodeRed

From: Mark Wiater <mwiater () bayserve net>
Date: Mon, 13 Aug 2001 06:31:42 -0400
Hi all,

Has anyone using flex response to stop code red seen any instances of the 
slimely bug get through to the web servers?

I'm using the same process on different technology (just haven't upgraded to 
1.8 yet), send a RST after detection of the trigger, default.ida. I'm using 
an arrowpoint load balancer to achieve the same results.

The bad news is that one of the versions CR still sends the second HTTP 
packet, even after the reset.

Could one of you folks employing flex response tell me I'm nuts... or perhaps 
not. I only see about ~150 get through out of about 6000 attempts...

Thanks


Mark

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: