Snort mailing list archives
Re: Acceptable packet loss?
From: byte_jump <bytejump () gmail com>
Date: Mon, 23 May 2005 16:56:44 -0600
Also keep in mind that it is fairly trivial to bypass Snort altogether. Kind of makes packet loss discussions pointless. See Dave Aitel's presentation at CanSecWest '05: http://www.immunitysec.com/downloads/Practical_IDS_Evasion.sxi In fairness, I must point out that most network-based intrusion detection systems suffer from the same problems. byte_jump On 5/23/05, Byron Pezan <byron () angelica com> wrote:
What do most of you consider to acceptable packet loss? I am running snort 2.1 on some fairly low end hardware and have tuned the box using some suggestions from Mark Kettler in one of his earlier posts to the list (http://marc.theaimsgroup.com/?l=snort-users&m=105586643024094&w=2). I am seeing about 4% packet loss on this sensor during my (un-scientific) testing. Would you consider that acceptable or should I look into further tuning? Byron Pezan ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_idt12&alloc_id344&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Acceptable packet loss? Byron Pezan (May 23)
- Re: Acceptable packet loss? Matt Kettler (May 23)
- Re: Acceptable packet loss? Joel Esler (May 23)
- Re: Acceptable packet loss? byte_jump (May 23)
- <Possible follow-ups>
- RE: Acceptable packet loss? Biswas, Proneet (May 24)
- Re: Acceptable packet loss? Matt Kettler (May 23)