Snort mailing list archives

kazaa II


From: "dreamwvr () dreamwvr com" <dreamwvr () dreamwvr com>
Date: Fri, 14 Feb 2003 11:07:01 -0700

Hi,
  Having experienced this myself a year or so ago, here is my
feed FWIW. This is simply one of the scariest programs out there.
It sucked like 90% spike in my traffic pipe at the time. You will notice
suddenly a huge anomaly in your traffic logs. Which is IMHO
a sure sign. It suddenly feels like someone on your pipe is
trying to download the entire internet onto their system.
You should know generally the traffic flow on the pipes anyhow.
Guess what;-) I have not tried this in any way but was thinking
about trying it. Why not use Snort's flex response to react
to this anomaly, OR at least alert to it?
Note: I am assuming that is what flex-resp buys you.
Combine this with
ALTQ capacities or tcp/builtin equivalent in linux. Then have these
rapid sustained requests throttled and flagged for investigating.
It is amazing just how much traffic is suddenly tunneling to
your network. In my experience the user in question's doe-like
response was: Hey something wrong the internet it was great
for the past ?? hours or so. Suddenly it seems I can't connect
right. It takes a real long time. Had to walk away so I
didn't say something too vile. The heavier the sustained demand
for a service from a specific system, the bigger the hint.

Best Regards,
dreamwvr () dreamwvr com

-- 
/*  Security is a work in progress - dreamwvr                 */
#                                                             
# Note: To begin Journey type man afterboot,man help,man hier[.]      
#                                                             
// "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \?  ;-]
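
The idea in the message above, flagging one system's sustained heavy demand rather than a single burst, sketched as an added example that is not part of the original post and is not Snort functionality. The flow-record format, the baseline, the thresholds and the addresses are constructed assumptions.

```python
from collections import defaultdict

MB = 1_000_000

def sustained_heavy_hosts(flows, baseline_bytes, factor=5, min_run=3):
    """Return {host: longest_run} for hosts whose per-interval volume stays
    above factor * baseline_bytes for at least min_run consecutive intervals.

    flows: iterable of (interval_index, host, byte_count) records.
    baseline_bytes: per-host, per-interval volume considered normal
    (assumption: the operator already knows the usual flow on the pipe).
    """
    per_host = defaultdict(lambda: defaultdict(int))
    for interval, host, nbytes in flows:
        per_host[host][interval] += nbytes  # several flows may share an interval

    limit = factor * baseline_bytes
    flagged = {}
    for host, buckets in per_host.items():
        longest = run = 0
        prev = None
        for interval in sorted(buckets):
            if buckets[interval] > limit:
                # An interval with no traffic at all breaks the run.
                run = run + 1 if prev == interval - 1 else 1
            else:
                run = 0
            longest = max(longest, run)
            prev = interval
        if longest >= min_run:
            flagged[host] = longest
    return flagged

# Constructed sample: one record per host per minute.
SAMPLE_FLOWS = (
    [(m, "10.0.0.5", 2 * MB) for m in range(8)]            # steady, normal user
    + [(2, "10.0.0.7", 60 * MB), (3, "10.0.0.7", 1 * MB)]  # one short burst
    + [(m, "10.0.0.9", 1 * MB) for m in range(3)]          # quiet at first
    + [(m, "10.0.0.9", 85 * MB) for m in range(3, 8)]      # sustained heavy demand
)

if __name__ == "__main__":
    for host, run in sustained_heavy_hosts(SAMPLE_FLOWS, 2 * MB).items():
        print(f"investigate {host}: over limit for {run} consecutive intervals")
```

Requiring a run of consecutive intervals is what separates the sustained pattern from an ordinary large download, which trips the limit once and then stops.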

