Snort mailing list archives

Re: Aurora Exploit Attempt Alert One Hour Delay


From: Latonya Hall <lhall () vahna net>
Date: Thu, 23 Jan 2014 17:57:10 -0500

Hmmm...running Snort.
On Jan 23, 2014 5:54 PM, "Eoin Miller" <eoin.miller () trojanedbinaries com>
wrote:

 On 1/23/14 4:28 PM, LaTonya Hall wrote:

There is about a one-hour delay from exploit attempt to Snort alert… any
ideas?

  *-LaTonya*

 This happens with Suricata sometimes; there is some timeout value for
sessions that don't get closed, then the open session finally gets reaped
and the alerts flushed out. Don't know if the same happens in Snort (or if
you are running Snort or Suricata).

-- Eoin


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
