Snort mailing list archives
Re: TCP Resets
From: Gary Flynn <flynngn () jmu edu>
Date: Sat, 28 Feb 2004 23:59:48 -0500
One more consideration. If you're running something inline and you drop a packet, you have to consider the effects on the overlying application. For example, an SMTP server sending a virus in the middle of a set of messages may queue up messages behind the failed transmission. Not only that, if worm activity is heavy you better drop the server connection after you drop the packet. Doing otherwise does bad things due to a bunch of half-open connections on the receiving server. I speak from a bad experience on that one. :) As someone told me on another list, that is the price one pays when one tries to address an application problem at the network layer.