Snort mailing list archives
Re: Dropping packets why?
From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Mon, 27 Oct 2003 20:50:52 +0100
Elijah Savage schrieb:
I have snort setup on my openbsd firewall with 3 interfaces 2 intel interface 1 3com interface All are pci on 100mbit switches K62 300 128 meg of mem I figured this machine should be strong enough to simply handle a cable connection but I am dropping packets Snort analyzed 19376 out of 20072 packets, dropping 696(3.468%) packets
Considering your hardware quite a small loss, AFAIC. I guess you do not have a lot of traffic. We're using 2GHz P4s with at least 512MB RAM still tuning our rule set in order to catch up with the traffic bursts in a fast ethernet network. My feeling ;) is that Athlons "feel" faster but I like Intel because of they have good overheat protection and are stable. Please yourself. You may want to deactivate all rules you mean you can do without unless you already have. Also blend out encrypted connections using the BPF rules since Snort can only find false positives inthere. Buy another hardware if you're serious about it. ;) Regards, Edin [...] -- Edin Dizdarevic ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Dropping packets why? Elijah Savage (Oct 25)
- Message not available
- Re: Dropping packets why? Matt Kettler (Oct 27)
- Message not available
- Re: Dropping packets why? Edin Dizdarevic (Oct 27)
- <Possible follow-ups>
- RE: Dropping packets why? O'Flynn, Derek (Oct 27)
- Re: Dropping packets why? Michael Sierchio (Oct 27)
- copious (snort_decoder) WARNING: Not IPv4 datagram! Ernie Lim (Oct 27)
- RE: copious (snort_decoder) WARNING: Not IPv4 datagram! Ernie Lim (Oct 27)
- Re: copious (snort_decoder) WARNING: Not IPv4 datagram! Geoff (Oct 27)
- Re: Dropping packets why? Michael Sierchio (Oct 27)
- Message not available
- RE: Dropping packets why? Matt Kettler (Oct 27)