Snort mailing list archives
Snort Performance
From: mik sib <miksib2000 () yahoo it>
Date: Fri, 9 Jan 2004 09:09:02 +0100 (CET)
Hi all, i'm trying snort with guardian. I'm wondering about the performance that i can obtain from them togheter to protect my fw. I have this doubt, excuse me if i didn't read ALL the snort documentation yet, because i can't realize how fast can be snort in detecting bad trafic expecially on a busy gw. During the last hour, i saw the guardian do his job in blocking the trafic from a suspicoius server/ip that was sending me a virus but only after that the connection was already closed. The bad email with the virus has been delivered and after the end of the connection the snort/guardian has detected and put down a drop rule. Do i miss something? Do i need more computing power? i'm using a P3 with 256 Mb ram. Does the snort do some kind of buffering and does it analyze the packets after a while? I suppose that expecially on busy gw and with a lot of packets per second this is the only way it can work. Am i right? Wich other tools like snort + guardian are available to analyze and block suspicious ip and from one of you reading this post already tested with success?. Can snort detect p2p traffic made from clients that access the internet through a proxy like kadza ? How can i avoid and control that kind of traffic ? Tahnk you very much Mik ______________________________________________________________________ Yahoo! Mail: 6MB di spazio gratuito, 30MB per i tuoi allegati, l'antivirus, il filtro Anti-spam http://it.yahoo.com/mail_it/foot/?http://it.mail.yahoo.com/ ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Performance mik sib (Jan 09)
- <Possible follow-ups>
- Snort performance SN ORT (Feb 02)
- RE: Snort performance Michael Steele (Feb 02)
- Snort Performance Laura (Mar 26)
- RE: Snort Performance Jim Hendrick (Mar 26)
- Re: Snort Performance Rodrigo B. Ramos (Mar 26)
- Re: Snort Performance Mark . Schutzmann (Mar 26)
- RE: Snort Performance Laura (Mar 26)