Re: Dropping packets why?

[Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>]

Elijah Savage schrieb:

> I have snort setup on my openbsd firewall with 3 interfaces
> 2 intel interface
> 1 3com interface
> All are pci on 100mbit switches
> K62 300 128 meg of mem
>
> I figured this machine should be strong enough to simply handle a cable
> connection but I am dropping packets
>
> Snort analyzed 19376 out of 20072 packets, dropping 696(3.468%) packets

Considering your hardware quite a small loss, AFAIC. I guess you do not
have a lot of traffic. We're using 2GHz P4s with at least 512MB RAM
still tuning our rule set in order to catch up with the traffic bursts
in a fast ethernet network.

My feeling ;) is that Athlons "feel" faster but I like Intel because
of they have good overheat protection and are stable. Please yourself.

You may want to deactivate all rules you mean you can do without unless
you already have. Also blend out encrypted connections using the BPF
rules since Snort can only find false positives inthere.

Buy another hardware if you're serious about it. ;)

Regards,
Edin

[...]
--
Edin Dizdarevic



-------------------------------------------------------
This SF.net email is sponsored by: The SF.net Donation Program.
Do you like what SourceForge.net is doing for the Open
Source Community?  Make a contribution, and help us add new
features and functionality. Click here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users