Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Snort on Gigabit [was Re: IDS\IPS that can handle one Gig]

from [Federated Information Security] Network Security [Permanent Link]
Subject: RE: Snort on Gigabit [was Re: IDS\IPS that can handle one Gig]
Date: Tue, 31 May 2005 13:13:10 -0400 
Sometimes individual rules that are poorly written can crush your
sensors.  Check out www.turbosnort.org for performance benchmarking of
your rule set, and toss or rewrite the rules that aren't efficient.

-----Original Message-----
From: mamo [mailto:mamo74@gmail.com] 
Sent: Sunday, May 29, 2005 4:38 AM
To: Byron L. Sonne
Cc: Randall Jarrell; focus-ids@securityfocus.com
Subject: Snort on Gigabit [was Re: IDS\IPS that can handle one Gig]


Hello Everybody.


On 5/21/05, Byron L. Sonne <blsonne@rogers.com> wrote:
It's not a vendor, but I've heard people have been running Snort quite



well on gig links.


In this days I am trying to configure Snort to analyze traffic on a busy
gigabit link (400-600Mbit), and I am finding I lose 60-80% traffic with
the default snort config on freebsd (with device polling and some kernel
tuning for sniffing purpose) with a quite good hardware. From my first
analysis it looks like the problem is in how the prepocessor works and
are configured (without preprocessor I can process near all the traffic)

Is there anybody that used snort on gigabit connection that can share
with us experience and tuning tips?

Best Regards,
                 Mamo
PS
For sourcefire people or people that used their product.. What are the
difference between the snort engine in the sourcefire appliance and the
open source one?

------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------
--


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IDS\IPS that can handle one Gig, Per Engelbrecht
Next by Date:  Re: IDS\IPS that can handle one Gig, Peter Schawacker
Previous by Thread:  Re: IDS\IPS that can handle one Gig, Per Engelbrecht
Next by Thread:  Re: Snort on Gigabit [was Re: IDS\IPS that can handle one Gig], Jason
Indexes:  [Date] [Thread] [Top] [All Lists]