Re: pcre high cpu usage

[Alex Kirk <akirk () sourcefire com>]

> BTW: most offending rules (with like 10000 ticks avg!!) were 4676 and 4677,
> related to Oracle Enterprise Manager. They had the destination restricted to
> the only OEM in the net, but that was enough to cause that delays... May be
> it's time to think in PCRE ofloading! :-)
> Best regards,
> Tomás
What revisions of those rules are you running? We had revs out briefly that
were severely problematic, and we updated them as soon as we realized. I
want to make sure the current versions of those two aren't causing problems.



-- 
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk () sourcefire com

------------------------------------------------------------------------------
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly 
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users