Snort mailing list archives

Re: Acceptable packet loss?

From: byte_jump <bytejump () gmail com>
Date: Mon, 23 May 2005 16:56:44 -0600

Also keep in mind that it is fairly trivial to bypass Snort
altogether. Kind of makes packet loss discussions pointless.

See Dave Aitel's presentation at CanSecWest '05:
http://www.immunitysec.com/downloads/Practical_IDS_Evasion.sxi

In fairness, I must point out that most network-based intrusion
detection systems suffer from the same problems.

byte_jump

On 5/23/05, Byron Pezan <byron () angelica com> wrote:

What do most of you consider to acceptable packet loss?

I am running snort 2.1 on some fairly low end hardware and have tuned
the box using some suggestions from Mark Kettler in one of his earlier
posts to the list
(http://marc.theaimsgroup.com/?l=snort-users&m=105586643024094&w=2).  I
am seeing about 4% packet loss on this sensor during my (un-scientific)
testing.  Would you consider that acceptable or should I look into
further tuning?

Byron Pezan


-------------------------------------------------------
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_idt12&alloc_id344&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Acceptable packet loss? Byron Pezan (May 23)
- Re: Acceptable packet loss? Matt Kettler (May 23)
  - Re: Acceptable packet loss? Joel Esler (May 23)
- Re: Acceptable packet loss? byte_jump (May 23)
- <Possible follow-ups>
- RE: Acceptable packet loss? Biswas, Proneet (May 24)