Snort mailing list archives
Re: Bad Traffic, Port
From: "Josh Berry" <josh.berry () netschematics com>
Date: Wed, 24 Dec 2003 16:47:26 -0600 (CST)
Are you running Snort on the IPTables machine? If so even though you are blocking port 0 traffic, I believe that Snort can still see the traffic that is coming at the box. So, you are blocking port 0 but Snort reads the traffic off of libpcap before it is denied by IPTables.
Hallo, well, i did this via IPTables; doesn`t work. ----- Original Message ----- From: "Stewart Larsen" <slarsen42 () cfl rr com> To: "Martin Bündgens" <mb () insidetheweb de> Cc: <snort-users () lists sourceforge net> Sent: Wednesday, December 24, 2003 10:02 PM Subject: Re: [Snort-users] Bad Traffic, Port 0 Well, if you check the SID, it says to disallow UDP traffic on Port 0. http://www.snort.org/snort-db/sid.html?sid=525 On Wed, 2003-12-24 at 17:34, Martin Bündgens wrote:Re: [Snort-users] Problem with snort 2.1.0 and redhat 9Hallo, we got several DoS with SID 525 "BAD-TRAFFIC udp port traffic". What can i do to close this problem. This is urgent. Thanks. Regards, Martin Bündgens. ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-- Stewart Larsen ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Thanks, Josh Berry, CTO LinkNet-Solutions 469-831-8543 josh.berry () linknet-solutions com ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problem with snort 2.1.0 and redhat 9 Lang Hoang (Dec 23)
- Re: Problem with snort 2.1.0 and redhat 9 Erek Adams (Dec 24)
- <Possible follow-ups>
- RE: Problem with snort 2.1.0 and redhat 9 Lang Hoang (Dec 24)
- RE: Problem with snort 2.1.0 and redhat 9 Erek Adams (Dec 24)
- Bad Traffic, Port 0 Martin Bündgens (Dec 24)
- Re: Bad Traffic, Port 0 Matt Kettler (Dec 24)
- Re: Bad Traffic, Port 0 Stewart Larsen (Dec 24)
- Re: Bad Traffic, Port 0 Martin Bündgens (Dec 24)
- Re: Bad Traffic, Port Josh Berry (Dec 24)
- Re: Bad Traffic, Port Martin Bündgens (Dec 24)
- Re: Bad Traffic, Port 0 Erwin Van de Velde (Dec 25)