Re: Snort limitations

["Nicholas Mavis (nmavis)" <nmavis () cisco com>]

Ayoub,

The performance of Snort depends on the resources available on the machine running it. The more traffic you have, the 
more resources (CPU/memory) you will need to have available for Snort.

Nick

From: Ayoub Abid <abid.ayoub () gmail com<mailto:abid.ayoub () gmail com>>
Date: Thursday, March 27, 2014 at 4:32 AM
To: snort-users <snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>>, "snort-openappid 
() lists sourceforge net<mailto:snort-openappid () lists sourceforge net>" <snort-openappid () lists sourceforge 
net<mailto:snort-openappid () lists sourceforge net>>
Subject: [Snort-users] Snort limitations

Hello


I want to discuss here about how far can we trust snort to secure our network. Have snort some limitations ?

I have tested snort for a couple a weeks. He detects attacks when we have normal traffic. But When we have a huge 
traffic like 2000 pak/ sec , he make a big delay to scan all the traffic and detect the Intrusion. For example,  i can 
have an attack now and he will report it in 10 or 15 min.

So what are the Limits of snort to detect attacks?

Thank you
Ayoub

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!