Snort mailing list archives
Re: Snort limitations
From: "Stark, Vernon L." <Vernon.Stark () jhuapl edu>
Date: Thu, 27 Mar 2014 19:58:05 -0400
Ayoub,

You may want to look at tuning Snort to improve performance. Steven Sturges wrote a great document on tuning Snort (http://www.snort.org/assets/163/WhitePaper_Snort_PerformanceTuning_2009.pdf). An example parameter that can be modified is server_flow_depth. Depending upon the characteristics of traffic on your network, a change in this parameter may make a very large difference in how Snort performs.

Also, as Nick indicates below, more CPU and memory may be required to achieve adequate performance in your environment. I suspect most environments run Snort on hosts with many processors and a large amount of memory and divide the network traffic among multiple instances of Snort.

Vern

From: Nicholas Mavis (nmavis) [mailto:nmavis () cisco com]
Sent: Thursday, March 27, 2014 6:37 PM
To: Ayoub Abid; snort-users; snort-openappid () lists sourceforge net
Subject: Re: [Snort-users] Snort limitations

Ayoub

The performance of Snort depends on the resources available on the machine running it. The more traffic you have, the more resources (CPU/memory) you will need to have available for Snort.

Nick

From: Ayoub Abid <abid.ayoub () gmail com>
Date: Thursday, March 27, 2014 at 4:32 AM
To: snort-users <snort-users () lists sourceforge net>, "snort-openappid () lists sourceforge net" <snort-openappid () lists sourceforge net>
Subject: [Snort-users] Snort limitations

Hello

I want to discuss here how far we can trust Snort to secure our network. Does Snort have some limitations? I have tested Snort for a couple of weeks. It detects attacks when we have normal traffic. But when we have huge traffic, like 2000 pak/sec, it makes a big delay to scan all the traffic and detect the intrusion. For example, I can have an attack now and it will report it in 10 or 15 min.

So what are the limits of Snort to detect attacks?

Thank you
Ayoub
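Vern's reply mentions dividing network traffic among multiple instances of Snort; for stream reassembly to see a whole session, the splitter has to send both directions of a connection to the same instance. The Python example below is added here to illustrate that flow-consistent assignment and is not code from the thread or from the Snort project; the function names, the SHA-256 based hash and the constructed sample addresses are all assumptions.

```python
import hashlib
import ipaddress
from collections import Counter


def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent key: order the two endpoints so A->B equals B->A."""
    a = (int(ipaddress.ip_address(src_ip)), src_port)
    b = (int(ipaddress.ip_address(dst_ip)), dst_port)
    lo, hi = sorted((a, b))
    return f"{proto}|{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}".encode()


def instance_for(pkt, n_instances):
    """Pick the sensor index (0..n_instances-1) for one packet 5-tuple."""
    digest = hashlib.sha256(flow_key(*pkt)).digest()
    return int.from_bytes(digest[:8], "big") % n_instances


def distribute(packets, n_instances):
    """Count how many packets each instance would receive."""
    return Counter(instance_for(p, n_instances) for p in packets)


def sample_packets(n_flows=400):
    """Constructed traffic: n_flows HTTP connections, one packet per direction."""
    pkts = []
    for i in range(n_flows):
        client = (f"192.0.2.{i % 250 + 1}", 1024 + i)
        server = ("198.51.100.10", 80)
        pkts.append((*client, *server, "tcp"))  # client -> server
        pkts.append((*server, *client, "tcp"))  # server -> client
    return pkts


if __name__ == "__main__":
    # Show the per-instance load for four hypothetical Snort instances.
    for idx, count in sorted(distribute(sample_packets(), 4).items()):
        print(f"snort instance {idx}: {count} packets")
```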