Snort mailing list archives
Re: performance criteria
From: Jamie Riden <jamie.riden () gmail com>
Date: Mon, 16 May 2011 21:11:41 +0100
Hi Jules, For me - and I've been mucking with IDS on and off for a little over ten years now, but very much on a budget - 1. what can you afford? 2. can you load a useful rule set and not be dropping packets? 3. can you tune it properly? This is very much down to personal taste, how much time you have to play with it daily, and the normal traffic of particular installation you're looking at, so I suggest evaluating a couple of units before you commit to purchasing. I've seen McAfee Intrushield (or whatever it's called this month), snort and a quick look at some Juniper box. McAfee was awkward to drive, compared with being able to pipe the snort output into perl or bash scripts. If you don't write perl/bash scripts, you won't get any benefit from this though. cheers, Jamie On 15 May 2011 14:20, Jules Pagna Disso <jules () visionintel com> wrote:
hi, I know this is not directly related to rules but I think you would be the best to help me with the criteria/parameters that need considering when evaluating and IDS performance or when comparing two IDS. thanks, Jules ------------------------------------------------------------------------------ Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org
-- Jamie Riden / jamie () honeynet org / jamie.riden () gmail com http://uk.linkedin.com/in/jamieriden ------------------------------------------------------------------------------ Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org
Current thread:
- performance criteria Jules Pagna Disso (May 15)
- Re: performance criteria evilghost () packetmail net (May 15)
- Re: [Emerging-Sigs] performance criteria evilghost () packetmail net (May 15)
- Re: [Emerging-Sigs] performance criteria Jules Pagna Disso (May 16)
- Re: performance criteria Jamie Riden (May 16)
- Re: performance criteria evilghost () packetmail net (May 16)
- Re: performance criteria Randal T. Rioux (May 24)
- Re: [Emerging-Sigs] performance criteria evilghost () packetmail net (May 15)
- Re: performance criteria evilghost () packetmail net (May 15)
- Re: performance criteria Jamie Riden (May 16)