Snort mailing list archives
Re: Aurora Exploit Attempt Alert One Hour Delay
From: Latonya Hall <lhall () vahna net>
Date: Thu, 23 Jan 2014 17:57:10 -0500
Hmmm...running Snort. On Jan 23, 2014 5:54 PM, "Eoin Miller" <eoin.miller () trojanedbinaries com> wrote:
On 1/23/14 4:28 PM, LaTonya Hall wrote: There is about a one hour delay from exploit attempt to snort alert…any ideas? *-LaTonya* This happens with Suricata sometimes, there is some timeout value for sessions that don't get closed then the open session finally gets reaped and the alerts flushed out. Don't know if the same happens in Snort (or if you are running Snort or Suricata). -- Eoin ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Aurora Exploit Attempt Alert One Hour Delay LaTonya Hall (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay waldo kitty (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay Kevin Ross (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay LaTonya Hall (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay Mike Miller (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay Latonya Hall (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay Mike Miller (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay Latonya Hall (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay James Lay (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay LaTonya Hall (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay Latonya Hall (Jan 23)
- Re: Aurora Exploit Attempt Alert One Hour Delay Joel Esler (jesler) (Jan 23)