Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Portscan2, where port !=X

From: Matt Kettler <mkettler () evi-inc com>
Date: Sun, 31 Aug 2003 14:39:00 -0400
At 12:16 PM 8/31/2003 -0500, Jade E. Deane wrote:

A very good point indeed.  In fact, the sensors I'm playing around with
here at home are both dual Intel Pro 200s.

Can you, or someone else on the list, provide any suggestions for
running snort on minimal hardware?
disable spp_portscan2, and spp_conversation. If you've got low memory, turn on the lowmem search option (it's in snort.conf but commented out by default) 


I'm also curious, how can you (while snort is acting as a background
alert daemon) get a sense of the packet drop rate?
kill -USR1 snort's PID and then check syslog 


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: