Snort mailing list archives

flags


From: James Ashton <admin () gitflorida com>
Date: Fri, 07 Jun 2002 23:09:14 -0400

I have a P2-266 with 128Mb RAM and 7200RPM SCSI HDs running 1.8.5 with a minimal ruleset.

This is what is running for preprocessors:

preprocessor frag2: timeout 15
preprocessor stream4: detect_scan, timeout 15, memcap 17572864
preprocessor stream4_reassemble both, ports [21, 23, 25, 53, 80, 143, 110, 111, 513]
preprocessor portscan: $HOME_NET 5 5 portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS

My startup command is:

/usr/sbin/snort -c /etc/snort/snort.conf -i eth0 -D

I am dropping all but 1 in 10 of the packet traffic.
When I add the -A fast -b flags, snort drops MORE packets.

Any ideas??? I know that this box will probably not detect all of my traffic (about 4Mbits/sec.) with any realistic rule set, but shouldn't it do better than this, and shouldn't those flags speed it up a little??
_______________________________
James Ashton
President
Global Internet Tech, Inc

13840 Osprey Links Dr, #219
Orlando Fl, 32837

407-859-5218 


