Snort mailing list archives
flags
From: James Ashton <admin () gitflorida com>
Date: Fri, 07 Jun 2002 23:09:14 -0400
I have a P2-266 with 128Mb RAM and 7200RPM SCSI HDs running 1.8.5 with a minimal ruleset. This is what is running for preprocessors:

preprocessor frag2: timeout 15
preprocessor stream4: detect_scan, timeout 15, memcap 17572864
preprocessor stream4_reassemble both, ports [21, 23, 25, 53, 80, 143, 110, 111, 513]
preprocessor portscan: $HOME_NET 5 5 portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS

My startup command is:

/usr/sbin/snort -c /etc/snort/snort.conf -i eth0 -D

I am dropping all but 1 in 10 of the packet traffic. When I add the -A fast -b flags, snort drops MORE packets. Any ideas???

I know that this box will probably not detect all of my traffic (about 4Mbits/sec.) with any realistic rule set, but shouldn't it do better than this, and shouldn't those flags speed it up a little??

_______________________________
James Ashton
President
Global Internet Tech, Inc
13840 Osprey Links Dr, #219
Orlando Fl, 32837
407-859-5218