Snort mailing list archives
Re: DOS in Snort?
From: Brian <bmc () snort org>
Date: Fri, 14 Feb 2003 22:54:06 -0500
On Wed, Feb 19, 2003 at 02:06:22PM -0600, Counselman, Chris Contractor/Sverdrup wrote:
Snort 1.9, RedHat 8.0, SnortSnarf On one of my sensors I have snort logging locally for SnortSnarf. One IP scanned a class B network I monitor and a snort rule alerted on every IP. This filled the log directory with thousands of entries that eventually reached the maximum allowed limit which broke snort.
You are using an output plugin that is not designed for production quality usage. This is not a flaw in snort, it is a flaw in your installation. Pick a better output plugin. unified is generally the best bet. -brian ------------------------------------------------------- This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- DOS in Snort? Counselman, Chris Contractor/Sverdrup (Feb 21)
- Re: DOS in Snort? Erick Mechler (Feb 21)
- Re: DOS in Snort? Shane Williams (Feb 21)
- Re: DOS in Snort? Brian (Feb 21)
- Re: DOS in Snort? Erick Mechler (Feb 21)