Snort mailing list archives

Snort Performance

From: mik sib <miksib2000 () yahoo it>
Date: Fri, 9 Jan 2004 09:09:02 +0100 (CET)

Hi all,
i'm trying snort with guardian.
I'm wondering about the performance that i can obtain
from them togheter to protect my fw.
I have this doubt, excuse me if i didn't read ALL the
snort documentation yet, because i can't realize how
fast can be snort in detecting bad trafic expecially
on a busy gw.
During the last hour, i saw the guardian do his job in
blocking the trafic from a suspicoius server/ip that
was sending me a virus but only after that the
connection was already closed.

The bad email with the virus has been delivered and
after the end of the connection the snort/guardian has
detected and put down a drop rule.

Do i miss something?
Do i need more computing power? i'm using a P3 with
256 Mb ram.
Does the snort do some kind of buffering and does it
analyze the packets after a while?
I suppose that expecially on busy gw and with a lot of
packets per second this is the only way it can work.
Am i right?

Wich other tools like snort + guardian are available
to analyze and block suspicious ip and from one of you
reading this post already tested with success?.

Can snort detect p2p traffic made from clients that
access the internet through a proxy like kadza ? How
can i avoid and control that kind of traffic ?

Tahnk you very much

Mik

______________________________________________________________________
Yahoo! Mail: 6MB di spazio gratuito, 30MB per i tuoi allegati, l'antivirus, il filtro Anti-spam
http://it.yahoo.com/mail_it/foot/?http://it.mail.yahoo.com/

-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort Performance mik sib (Jan 09)
- <Possible follow-ups>
- Snort performance SN ORT (Feb 02)
  - RE: Snort performance Michael Steele (Feb 02)
- Snort Performance Laura (Mar 26)
  - RE: Snort Performance Jim Hendrick (Mar 26)
  - Re: Snort Performance Rodrigo B. Ramos (Mar 26)
- Re: Snort Performance Mark . Schutzmann (Mar 26)
  - RE: Snort Performance Laura (Mar 26)