Snort mailing list archives
SNORT PARALLELIZATION SECURITY ISSUES
From: Amtul Saboor <saboor.amtul () gmail com>
Date: Tue, 26 Feb 2013 16:09:26 +0500
Hello, I am a post graduate student of Information Security. I have learnt many important things related to snort parallelisation. I want to ask a query about snort flow level multi core parallelization at pre-processor level. *1) Can snort detection rate remains same for all attacks after flow level parallelisation? 2) As the parallelisation of netowrk traffic in each core is based on flow, what "flow" actually means? If flow means a TCP session then read the third question as well 3) what are the problems that can be faced in detecting multi session attacks ; because many applciation level attacks occur in multi sessions. *e.g. DDOS attack that occurs in more than one session. How can snort detect them? Please reply me As soon as possible.
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- SNORT PARALLELIZATION SECURITY ISSUES Amtul Saboor (Feb 26)