Snort mailing list archives

Re: What does lightweight mean?


From: Chris Green <cmg () uab edu>
Date: 30 May 2001 14:46:58 -0500

"Anderson, Bill" <wander01 () mail state mo us> writes:

> I have been considering Snort as an IDS for our organization, but several
> people have tried to steer me away because Snort is described as
> 'lightweight.' What does the term lightweight mean or imply? Does it mean it
> can only handle light network traffic streams, or does it mean it is light
> in terms of needed resources? Or is it something else entirely? Any thoughts
> are welcome.

They are probably meaning "lightweight", as in not up to the task.  As
you are talking to the snort list, I'm sure you can guess the opinion
here.  Many things have limitations and it's best to understand all
the tradeoffs by knowing how they work.


> Also, I am currently running snort in the tcpdump file read mode, reading
> the files that our Shadow IDS created. Shadow only records the first 68
> bytes of each packet in the tcpdump log file. Is this enough packet data for
> the Snort rules? Or will Snort work better with more or the entire packet?


Entire packets. ;)
-- 
Chris Green <cmg () uab edu>
Fame may be fleeting but obscurity is forever.
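
The 68-byte question above can be checked directly against a capture file. The following is an added example, not part of the original message and not Snort or Shadow code: it reads a classic pcap file and reports how many TCP payload bytes each record actually kept. The function names and the sample packet (an HTTP request between documentation addresses) are constructed for illustration, and only Ethernet/IPv4/TCP records are handled.

```python
import struct

def payload_visibility(pcap):
    """For each Ethernet/IPv4/TCP record in a classic pcap byte string, return
    (wire_len, cap_len, tcp_payload_on_wire, tcp_payload_bytes_captured)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    snaplen, linktype = struct.unpack_from(end + "II", pcap, 16)
    if linktype != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) is handled here")
    rows, off = [], 24
    while off + 16 <= len(pcap):
        cap_len, wire_len = struct.unpack_from(end + "II", pcap, off + 8)
        frame = pcap[off + 16: off + 16 + cap_len]
        off += 16 + cap_len
        # Need Ethernet (14) + minimal IPv4 (20) to identify a TCP segment.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp_off = 14 + (frame[14] & 0x0F) * 4          # IPv4 options move TCP
        total_len = struct.unpack_from("!H", frame, 16)[0]
        if len(frame) < tcp_off + 13:                  # TCP data-offset byte cut off
            rows.append((wire_len, cap_len, None, 0))
            continue
        hdrs = tcp_off + (frame[tcp_off + 12] >> 4) * 4
        rows.append((wire_len, cap_len, total_len - (hdrs - 14),
                     max(0, cap_len - hdrs)))
    return snaplen, rows

def build_sample(snaplen=68):
    """Constructed sample: one HTTP request stored at the given snaplen."""
    payload = b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6,
                     0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + payload
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    rec = struct.pack("<IIII", 0, 0, min(len(frame), snaplen), len(frame))
    return hdr + rec + frame[:snaplen], payload

if __name__ == "__main__":
    data, payload = build_sample(68)
    snaplen, rows = payload_visibility(data)
    for wire, cap, on_wire, kept in rows:
        print(f"snaplen={snaplen} wire={wire} captured={cap} "
              f"payload on wire={on_wire} payload kept={kept}")
```

With no IP or TCP options, the Ethernet, IPv4 and TCP headers take 54 of the 68 bytes, so only 14 bytes of payload remain for a content match; any rule pattern that sits later in the packet cannot be seen in such a file.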
