Snort mailing list archives

Re: Excessive Read Requests
From: Russ Combs <rcombs () sourcefire com>
Date: Mon, 1 Nov 2010 14:11:22 -0400

On Mon, Nov 1, 2010 at 1:41 PM, Lay, James <james.lay () wincofoods com> wrote:

Thanks Russ…would love to see where it’s at in the source as since 2.9.0.1
is out I may as well knock it out since I’ll have to compile it anyways :)


Look for DCE2_READ__QUEUE_SIZE in dynamic-preprocessors/dcerpc2/dce2_smb.c.



James



*From:* Russ Combs [mailto:rcombs () sourcefire com]
*Sent:* Monday, November 01, 2010 11:26 AM
*To:* Lay, James
*Cc:* snort-users () lists sourceforge net
*Subject:* Re: [Snort-users] Excessive Read Requests





On Mon, Nov 1, 2010 at 1:02 PM, Lay, James <james.lay () wincofoods com>
wrote:

So I just got one of these today (YAY):



[133:19:1] (dcerpc2) SMB - Excessive Read requests (>10) with pending Read
responses [Priority: 3] {TCP} 10.21.10.227:3216 -> 10.1.2.52:139



Question…how does one up that 10 to say 20?   Is there a dcerpc2 option
for it, cause I couldn’t seem to find it in the README.dcerpc2.  Anything
besides thresholding it out?  Thanks.


This is a dcerpc2 hard limit on the number of simultaneous read requests.
There is nothing configurable here.  I can point you to the define in the
source if you need to go that route.  Otherwise you will need to squelch
them.



James Lay



------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America
contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in
marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
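
An added example, not part of the thread or of Snort itself: the reply above leaves two options, editing the define or squelching, so this script tallies 133:19 alerts per source and emits source-scoped `suppress` entries instead of silencing the signature for every host. The syslog prefix, timestamps, the second host and the `min_hits` cutoff are constructed assumptions; only the first line's alert text comes from the thread.

```python
import re
from collections import Counter

# [gid:sid:rev] ... {PROTO} src[:port] -> dst[:port] at end of line.
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\].*"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)

# Constructed sample log (assumption): only the first alert text is from the thread.
SAMPLE_LOG = """\
Nov  1 10:58:01 ids snort[411]: [133:19:1] (dcerpc2) SMB - Excessive Read requests (>10) with pending Read responses [Priority: 3] {TCP} 10.21.10.227:3216 -> 10.1.2.52:139
Nov  1 10:58:04 ids snort[411]: [133:19:1] (dcerpc2) SMB - Excessive Read requests (>10) with pending Read responses [Priority: 3] {TCP} 10.21.10.227:3216 -> 10.1.2.52:139
Nov  1 10:59:10 ids snort[411]: [133:19:1] (dcerpc2) SMB - Excessive Read requests (>10) with pending Read responses [Priority: 3] {TCP} 10.21.10.227:3301 -> 10.1.2.52:139
Nov  1 11:02:45 ids snort[411]: [133:19:1] (dcerpc2) SMB - Excessive Read requests (>10) with pending Read responses [Priority: 3] {TCP} 10.21.11.40:2950 -> 10.1.2.52:139
Nov  1 11:03:00 ids snort[411]: [1:1000001:1] Constructed unrelated rule [Priority: 2] {TCP} 10.21.10.227:3400 -> 10.1.2.52:445
"""


def tally_sources(log_text, gid=133, sid=19):
    """Count alerts for one gid:sid per source IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if m and (int(m["gid"]), int(m["sid"])) == (gid, sid):
            hits[m["src"]] += 1
    return hits


def suppress_lines(log_text, gid=133, sid=19, min_hits=3):
    """Emit one source-scoped suppress entry per host at or above min_hits."""
    hits = tally_sources(log_text, gid, sid)
    return [
        f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {src}"
        for src, n in sorted(hits.items())
        if n >= min_hits
    ]


if __name__ == "__main__":
    for src, n in tally_sources(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {src}")
    print("\n".join(suppress_lines(SAMPLE_LOG)))
```

Hosts below the cutoff keep alerting, so a new source that starts tripping the hard limit is still visible.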



