Snort mailing list archives

Re: Pulled Pork


From: Berk Gulenler <gulenler () boun edu tr>
Date: Wed, 31 Oct 2012 09:13:28 +0200

That's funny. :))

On 10/31/2012 03:13 AM, JJ Cummings wrote:
alert ip any any -> any any (msg:"oh noes, your oinkmaster cron is the broken!!"; sid:666; rev:1;)

Sent from the iRoad

On Oct 30, 2012, at 18:49, Jeremy Hoel <jthoel () gmail com> wrote:

Now that's a funny idea. Ha!

On Oct 30, 2012 6:28 PM, "waldo kitty" <wkitty42 () windstream net> wrote:
On 10/30/2012 16:25, Joel Esler wrote:
> On Oct 30, 2012, at 12:02 PM, waldo kitty wrote:
>> On 10/30/2012 10:55, Joel Esler wrote:
>>
>>> We have the 15 minute delay in place, as there are some people who like to
>>> download the entire ruleset every 5 seconds.
>>
>> i highly suspect that these are folks with bad cron entries... you'd think
>> they'd be aware of the problem but obviously
>>
>> 1) they are not OR
>> 2) they do not care OR
>> 3) they are trying to cause problems ie: (d)dos anyone?
>
> I believe it's #1. They don't know the problem exists. I've written a few of
> them, and a couple of them have corrected the issue, we have one who
> acknowledged the problem and is going to fix it (don't know when),

not trying to be nosy but this is out of how many unique oinkcodes abusing the
services like this?

> and some that haven't acknowledged at all.
>
> And some, whose emails just bounced.

i'd bet that if those oinkcodes were disabled they'd wake up... or maybe feed
them a "rules archive" with a file inside that states the problem, that their
registered email address is no longer valid and why the code has been set to
redirect to this non-rules archive ;)

HA! or even a rule or rules that alerts on traffic and has a message that would
point out to them the problem... if they are watching their snort output, that
would definitely get their attention ;) ;) ;)

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!