Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Kernel space

From: Michael Boman <michael.boman () boseco com>
Date: Thu, 17 Jun 2004 09:35:16 +0800
On Thu, 2004-06-17 at 01:34, Matt Kettler wrote:

At 04:12 AM 6/16/2004, Cédric BLIN wrote:

I want to know if someone have already though to migrate Snort into the
kernel space ?


*shudder*.

It's been suggested before, and such things do have good uses, but I for 
one wouldn't want to get anywhere near it.

Yeah, it'd be fast, but given snorts high complexity and history of 
security holes I don't think I'd want it in my kernel. 


Not only that. We are talking about a different ballgame when it comes
to memory allocations and process scheduling (in short: doesn't require
much to become _very_ ugly).

Interesting enough, I have some friends that has been playing with the
thought of moving some parts of the NIDS detection cycle to silicon. If
anyone is interested to talk ideas with them just drop me a email..

Best regards
 Michael Boman

-- 
Michael Boman <michael.boman () boseco com>
BOSECO Internet Security Solutions - http://www.boseco.com



-------------------------------------------------------
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: