From: Roland T. (SourceForge) <raz...@co...> - 2004-06-15 07:31:17
Will wrote:
> the attack originates from, with -sH stick generates random IPs. At
> least on my box when I hit 32000 directories snort_inline dies, all
> traffic being passed to queue space isn't ever inspected, and never
> traverses the bridge, i.e. DoS. What do you guys think about tarring and
> gzipping everything within /var/log/snort when we hit x number of

Do you actually want your log data chopped up into hundreds (thousands) of files like that anyway? Surely unified is a more useful approach?

- Raz