Snort mailing list archives

Re: Snort Kernel Module


From: Dragos Ruiu <dr () kyx net>
Date: Tue, 7 Oct 2003 01:38:58 -0700

I hesitate to help anyone use Snort in-line for general applications;
it's great for special applications, but IPS in general is just another
random communications error injector in my opinion. Networks are
flaky enough without additional assistance. :-P

You'll have performance issues using iptables and Linux, and moving
Snort into the kernel will speed some things up, but imho you'll start to
run into all kinds of other bottlenecks like the more restrictive kernel
memory subsystems on most OSes.  Don't know if it's worth the bother
to approach the problem that way...

cheers,
--dr

-- 
Top security experts.  Cutting edge tools, techniques and information.
Tokyo, Japan   November, 2003   http://www.pacsec.jp
pgpkey http://dragos.com/ kyxpgp

