Snort mailing list archives

Previous By Date Next
Previous By Thread Next

SNORT PARALLELIZATION SECURITY ISSUES

From: Amtul Saboor <saboor.amtul () gmail com>
Date: Tue, 26 Feb 2013 16:09:26 +0500
Hello,

I am a post graduate student of Information Security. I have learnt many
important things related to snort parallelisation.

I want to ask a query about snort flow level multi core parallelization at
pre-processor level.

*1) Can snort detection rate remains same for all attacks after flow level
parallelisation?

2) As the parallelisation of netowrk traffic in each core is based on flow,
what "flow" actually means? If flow means a TCP session then read the third
question as well

3) what are the problems that can be faced in detecting multi session
attacks ; because many applciation level attacks occur in multi sessions. *e.g.
DDOS attack that occurs in more than one session. How can snort detect them?



Please reply me As soon as possible.

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: