Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Snort on Gigabit [was Re: IDS\IPS that can handle one Gig]

from [mamo] Network Security [Permanent Link]
Subject: Snort on Gigabit [was Re: IDS\IPS that can handle one Gig]
Date: Sun, 29 May 2005 10:37:32 +0200 
Hello Everybody.


On 5/21/05, Byron L. Sonne <blsonne@rogers.com> wrote:
It's not a vendor, but I've heard people have been running Snort quite
well on gig links.


In this days I am trying to configure Snort to analyze traffic on a
busy gigabit link (400-600Mbit), and I am finding I lose 60-80%
traffic with the default snort config on freebsd (with device polling
and some kernel tuning for sniffing purpose) with a quite good
hardware. From my first analysis it looks like the problem is in how
the prepocessor works and are configured (without preprocessor I can
process near all the traffic)

Is there anybody that used snort on gigabit connection that can share
with us experience and tuning tips?

Best Regards,
                 Mamo
PS
For sourcefire people or people that used their product.. What are the
difference between the snort engine in the sourcefire appliance and
the open source one?

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: New to Snort !!!, Joel Esler
Next by Date:  Re: Value of IDS, ROI, Jonathan Glass
Previous by Thread:  Re: IDS\IPS that can handle one Gig, Byron L. Sonne
Next by Thread:  Re: IDS\IPS that can handle one Gig, Konstantin V. Gavrilenko
Indexes:  [Date] [Thread] [Top] [All Lists]