Mailinglist Archive: opensuse-security (320 mails)

< Previous Next >
Snort DOS?
  • From: Jeff Harris <linux@xxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 16 May 2003 13:42:26 -0700 (PDT)
  • Message-id: <Pine.LNX.4.44.0305161334420.26681-100000@xxxxxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I ran into a situation last week, where my /var partion completely filled
up. Upon investigation, I realized that /var/log/snort filled 85% of the
space available on the partition. Having no space left on /var left no
space for incoming mail and no space for squid cache, and slowed my
machine to a crawl.

Would it be theoretically possible to launch a herd of port scanners
against a known host to fill up someone's /var drive and shut them down?
Or, am I missing something in a logrotate or config setting somewhere?

TIA
Jeff Harris

- ---
Registered Linux user #304026.
"lynx -source http://www.rallycentral.us/~linux/jharris.asc | gpg --import"
or "gpg --keyserver pgp.mit.edu --recv-key BD23A31E"
Key fingerprint = FB8C 3210 8DE1 78F4 6505 5918 0C34 BE94 BD23 A31E

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQE+xU04DDS+lL0jox4RAkpFAJ4rzc3jvPN023uw93Nb2+vL6EwS3QCfXssg
nFhxyCz5rfzNTWBP7/FCjeA=
=w5B0
-----END PGP SIGNATURE-----



< Previous Next >