[Snort-devel] Thoughts on threads
jon at ...370...
Mon Apr 30 08:13:01 EDT 2001
I'm thinking of pre-attack scans. Not that we do things like this here, but
see that some sites may attempt to implement post-processing logic to look
such scans and react accordingly. Given that the world is full of kiddies,
scans are usually a few milliseconds prior to the launch, so reordering even
tad causes me concern.
I'm just bringing this up because it occurs to me; it seems I'm in the
it's probably something to forget about.
----- Original Message -----
From: "Todd Lewis" <tlewis at ...255...>
To: "Jon Bentley" <jon at ...370...>
Cc: <snort-devel at lists.sourceforge.net>
Sent: Sunday, April 29, 2001 10:17 PM
Subject: Re: [Snort-devel] Thoughts on threads
> On Fri, 6 Apr 2001, Jon Bentley wrote:
> > Threads (nee parallelization) would cause me some concern, as it would
> > potentially remove the serial order of received packets. Perhaps that
> > a concern of only myself, though. (Packet sequence numbers, with a
> > process reordering?)
> Jon, is your objection to traffic reordering in general or reordering
> caused by snort in particular? I.e., traffic will often be reordered
> as it travels across the network anyway, so what's the trouble with
> snort reordering it as part of its processing?
> Todd Lewis
> tlewis at ...255...
More information about the Snort-devel