[Snort-devel] SNORT PARALLELIZATION SECURITY ISSUES

Amtul Saboor saboor.amtul at ...2499...
Tue Feb 26 06:09:26 EST 2013


Hello,

I am a post graduate student of Information Security. I have learnt many
important things related to snort parallelisation.

I want to ask a query about snort flow level multi core parallelization at
pre-processor level.

*1) Can snort detection rate remains same for all attacks after flow level
parallelisation?

2) As the parallelisation of netowrk traffic in each core is based on flow,
what "flow" actually means? If flow means a TCP session then read the third
question as well

3) what are the problems that can be faced in detecting multi session
attacks ; because many applciation level attacks occur in multi sessions. *e.g.
DDOS attack that occurs in more than one session. How can snort detect them?



Please reply me As soon as possible.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20130226/02a64491/attachment.html>


More information about the Snort-devel mailing list