Snort mailing list archives
Re: pcre high cpu usage
From: Alex Kirk <akirk () sourcefire com>
Date: Tue, 19 Oct 2010 09:50:43 -0400
BTW: most offending rules (with like 10000 ticks avg!!) were 4676 and 4677, related to Oracle Enterprise Manager. They had the destination restricted to the only OEM in the net, but that was enough to cause that delays... May be it's time to think in PCRE ofloading! :-) Best regards, Tomás
What revisions of those rules are you running? We had revs out briefly that were severely problematic, and we updated them as soon as we realized. I want to make sure the current versions of those two aren't causing problems. -- Alex Kirk AEGIS Program Lead Sourcefire Vulnerability Research Team +1-410-423-1937 alex.kirk () sourcefire com
------------------------------------------------------------------------------ Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- pcre high cpu usage Tomas Heredia (Oct 18)
- Re: pcre high cpu usage Joel Esler (Oct 18)
- Re: pcre high cpu usage Tomas Heredia (Oct 18)
- Re: pcre high cpu usage Alex Kirk (Oct 18)
- Re: pcre high cpu usage Tomas Heredia (Oct 19)
- Re: pcre high cpu usage Alex Kirk (Oct 19)
- Re: pcre high cpu usage Tomas Heredia (Oct 19)
- Re: pcre high cpu usage Alex Kirk (Oct 19)
- Re: pcre high cpu usage Tomas Heredia (Oct 19)
- Re: pcre high cpu usage Tomas Heredia (Oct 18)
- Re: pcre high cpu usage Joel Esler (Oct 18)