[Snort-devel] Snort 2.0

Daniel A. Aiello aielloda at ...1598...
Thu Oct 3 13:47:05 EDT 2002


I'm a student at Purdue University in the CERIAS group, and I'm doing a
research project on trying to speed Snort up, especially during conditions
like a DoS attack. I've been asking around because we want to make sure
that our work isn't futile. I've been told that you guys are ditching the
whole "rule chain" thing in 2.0 to go with something that's faster.

The gist of our research was to rearrange the RTNs, and later, possibly
the OTNs, to speed up matching. Obviously, if the whole rule chain is
going away in 2.0, then our efforts could be futile.

Any insight anyone could provide me on this would be greatly appreciated.
I had been hoping that I could start writing code for this project over
the past few days, and this is my only holdup.

Thanks,
Dan