Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSH between subnets

From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 15 Sep 2014 18:29:46 +0000
Try setting a BPF for ignoring the SSH port.



On Sep 15, 2014, at 11:13 AM, Cody Brugh <cbrugh () gmail com> wrote:

Hello,

I am trying to SSH/rsync files between two subnets (10.2.x.x/16 and 10.20.1.x/24) snort is running in-line on the 
10.2.x.x subnet and not on the other.  What I am seeing is my rsync goes really slow and if I login to the snort box 
I see CPU at 90-100% pegged... if I stopped the rsync the CPU goes back to normal.

I have the SSH pre-processor stuff disabled and still see this behavior.  Does anyone happen to know what could be 
causing this?

Thanks,
Cody
------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!



------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: