Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Honeypots: Re: [Fwd: Re: WMF Exploit]

Re: [Fwd: Re: WMF Exploit]

From: Frank Knobbe <frank_at_knobbe.us>
Date: Wed, 04 Jan 2006 12:42:33 -0600

On Wed, 2006-01-04 at 13:12 +0100, Stefan Kelm wrote:
> I thought about playing with this snort rule on Roo-189 but am reluctant
> to set "flow_depth 0" within snort.conf. Has anyone tried something
> similar?

We're running it with flow_depth 0 on dedicated Snort instances that
only run those few rules. That way Snort doesn't turn into a brick on
average utilized networks. Performance impact of those few rules with
flow_depth is very low.

Cheers,
Frank

> http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/sigs/CURRENT_EVENTS/CURRENT_WMF_Exploit?only_with_tag=HEAD&view=markup 

-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

Received on Jan 04 2006
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos