Menu
▾
▴
[Snort-inline-users] Fwd: Emergency mode & Suspend mode
|
From: Dave R. <dav...@gm...> - 2008-08-01 15:52:42
|
---------- Forwarded message ---------- From: Dave Remien <dav...@gm...> Date: Fri, Aug 1, 2008 at 9:51 AM Subject: Re: [Snort-inline-users] Emergency mode & Suspend mode To: vishal_nitr <vis...@re...> On Fri, Aug 1, 2008 at 4:26 AM, vishal_nitr <vis...@re...>wrote: > Hi All, > I am using snort-inline-2.6.1.5. Whenever I am sending some attacks > (e.g web, netbios, oracle etc) to my snort machine it is not detecting them > at all and giving some message as "shifting to Emergency mode" and after > some time "shifting to suspend mode" . Snort has protection against single packet TCP attacks (i.e., stick, snot, etc.) Later versions of snort (including the one you're running) are designed to ignore these attacks, since if it didn't, the attacks could bring snort to it's knees (with alerts). > Can somebody explain to me what are these modes and why snort is getting > into these modes ? The modes are self-protective modes to keep from depleting all TCP stream resources. Your attack is invoking this mode. > > > I will appreciate any kind of help. > > TIA... > > > Thanks and Regards, > Vishal Kotalwar, > Software Engineer, > Aricent, > Chennai-35. > 09884074047. > [image: Naukri]<http://adworks.rediff.com/cgi-bin/AdWorks/click.cgi/www.rediff.com/signature-home.htm/1050715198@Middle5/2212974_2205321/2208023/1?PARTNER=3&OAS_QUERY=null> > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > > -- "Of course, someone who knows more about this will correct me if I'm wrong, and someone who knows less will correct me if I'm right." David Palmer (pa...@ty...) -- "Of course, someone who knows more about this will correct me if I'm wrong, and someone who knows less will correct me if I'm right." David Palmer (pa...@ty...) |
