Snort mailing list archives

Re: Linux and packet loss


From: Chris Green <cmg () uab edu>
Date: 01 Aug 2001 12:05:20 -0500

"Matthew Collins" <Matthew.Collins () northernregistrars co uk> writes:

> I've got snort 1.7 running on a Linux 2.2.19 (Debian) system.
>
> The code red worm is starting to get going now, and I've noticed an
> oddity. I've got one alert for .ida attempt in my snort log

What logging method are you using and how close together were the
attacks? Was snort running at the time?  

What is your IDA rule?  I swear I've seen the packets get
fragmented right at the default.ida break and one rule checking for
'ida?' wouldn't work unless you were using stream reassembly.

Lots of possibilities here. You might be running into old bugs in 1.7
but I don't know.
-- 
Chris Green <cmg () uab edu>
Laugh and the world laughs with you, snore and you sleep alone.
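
[Added example, not part of the original message or of Snort's code.] The sketch below shows why a per-packet content match for 'ida?' misses a request split at the default.ida boundary while a match on the reassembled stream finds it. It assumes the split is TCP segmentation; the sequence numbers, payloads and function names are constructed for illustration, and sequence-number wraparound is ignored.

```python
# Added illustration: per-packet content matching vs. matching on a
# reassembled stream. All packet data here is constructed sample input.

PATTERN = b"ida?"  # the content string mentioned in the message above


def match_per_packet(segments, pattern=PATTERN):
    """Return seq numbers of segments whose own payload contains the pattern."""
    return [seq for seq, payload in segments if pattern in payload]


def reassemble(segments):
    """Rebuild one direction of a TCP stream from (seq, payload) pairs.

    Handles out-of-order arrival and retransmitted or overlapping data
    (first copy wins). Stops at the first gap, because bytes after a
    missing segment cannot be matched reliably.
    """
    stream = bytearray()
    if not segments:
        return bytes(stream)
    ordered = sorted(segments, key=lambda s: s[0])
    base = ordered[0][0]
    for seq, payload in ordered:
        offset = seq - base
        if offset > len(stream):              # gap: a segment is missing
            break
        stream.extend(payload[len(stream) - offset:])  # skip bytes already seen
    return bytes(stream)


def match_stream(segments, pattern=PATTERN):
    """Return the stream offset of the pattern after reassembly, or -1."""
    return reassemble(segments).find(pattern)


# Constructed request split between "default.ida" and "?", delivered
# out of order with one retransmission.
SPLIT = [
    (1016, b"?NNNNNNNN HTTP/1.0\r\n\r\n"),
    (1000, b"GET /default.ida"),
    (1000, b"GET /default.ida"),
]
WHOLE = [(1000, b"GET /default.ida?NNNNNNNN HTTP/1.0\r\n\r\n")]

if __name__ == "__main__":
    for name, segs in (("whole", WHOLE), ("split", SPLIT)):
        print(name, "per-packet:", match_per_packet(segs),
              "stream offset:", match_stream(segs))
```

If an alert count looks low against known traffic, comparing the two results on a capture of the same session shows whether segmentation is the cause.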
