Snort mailing list archives
kazaa II
From: "dreamwvr () dreamwvr com" <dreamwvr () dreamwvr com>
Date: Fri, 14 Feb 2003 11:07:01 -0700
Hi, Having experienced this myself a year of so ago here is my feed FWIW. This is simply one of the scariest programs out there. It sucked like 90% spike in my traffic pipe at the time. You will notice suddenly a huge anomoly in your traffic logs. Which is IMHO a sure sign. It suddenly feels like someone on your pipe is trying to download the entire internet onto their system. You should know generally the traffic flow on the pipes anyhow. Guess what;-) I have not tried this in way but was thinking about trying it. Why not use snorts flex response to react to this anomoly. OR at least alert to it? Note: I am assuming that is what flex-resp buys you. Combine this with ALTQ capacities or tcp/builtin equivalent in linux. Then have this rapid sustained requests throttled and flag for investigating. It is amazing just how much traffic is suddenly tunneling to your network. In my experience the user in question doe like response was. Hey something wrong the internet it was great for the past ?? hours or so. Suddenly it seems I can't connect right. It takes a real long time. Had to walk away so I didn't say something too vile. The heavier the sustained demand for a service from a specific system is big hint. Best Regards, dreamwvr () dreamwvr com -- /* Security is a work in progress - dreamwvr */ # # Note: To begin Journey type man afterboot,man help,man hier[.] # // "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \? ;-] ------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- kazaa II dreamwvr () dreamwvr com (Feb 14)