Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Kernel space Snort. Proof of concept test succeeded.

From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Wed, 15 Sep 2004 09:13:32 +0100


--On 31 August 2004 18:56 +0200 Willem de Bruijn <wdebruij () dds nl> wrote:


As for filters. we've already ported Aho-Corasick and
Boyer-Moore-Horspool, a  sampler, etc.. For a conference paper we've
pitted snort with BMH in the  kernel against regular snort and found
quite considerable increases in  efficiency (some 50% less CPU
utilization with an older version of the  software, better results are
surely obtainable).
Was the user-mode Snort using Phil Wood's libpcap <http://public.lanl.gov/cpw/> or an older version without MMAP mode support? 


  Willem


Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




-------------------------------------------------------
This SF.Net email is sponsored by: thawte's Crypto Challenge Vl
Crack the code and win a Sony DCRHC40 MiniDV Digital Handycam
Camcorder. More prizes in the weekly Lunch Hour Challenge.
Sign up NOW http://ad.doubleclick.net/clk;10740251;10262165;m
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: