Snort mailing list archives

Re: Homebrew Snort Reactive/Unified2 output


From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 30 Mar 2011 22:39:22 -0400

On 3/30/2011 18:42, Martin Holste wrote:
> Why is speed a factor?  Are you trying to issue RST packets or issue
> firewall blocks/ACL rules?  If you want to kill an active connection,
> I don't think anything reading Snort's output will be reliably fast
> enough unless the connection is a rather large file download.  If
> you're not trying to kill the connection, then a few milliseconds
> difference between having a script do the reading and having something
> more built-in do the reading won't matter, and you should go with the
> ease-of-use of the script.

you expressed the above quite well for my side of the fence ;) the old guardian 
script does quite well in my environment with the current improvements and 
updates made to it in the last few years and it is little more than a perl 
script running as a daemon ;)
