[Snort-devel] accurate snort profiles

Gianni Tedesco gianni at ...1804...
Fri Jan 31 07:42:06 EST 2003


Hi,

I've started doing some benchmarks and profiles of firestorm IDS, and
while I was at it I thought, hell, may as well run snort through here as
well.

Results of my first run are here:
http://www.scaramanga.co.uk/firestorm/developer/profile-snort190-2003-01-31

Software is snort-1.9.0 (no modifications) running against a lincoln
labs data file (396MB) on linux-2.5.59 on a celeron 1.2GHz. Profiler is
oprofile - an accurate full system hardware-assisted profiler
(http://oprofile.sf.net). I used all the default snort rules. tcp stream
reassembly is disabled.

This is just a preliminary run and I haven't finalised the testbed yet.
Once I have, I will post full configs, rules, compiled binaries, links
to the exact data files, full software and hardware setup etc.

Any comments or suggestions, what would be the most useful version of
snort to use, should I grab CVS versions? Any comments on what rulesets
or data I should be using.

PS. Please CC, I'm not on the list.

Happy Hacking.

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D