Hello,<br><br>I am a post graduate student of Information Security. I have learnt many important things
related to snort parallelisation. <br>
<br>I want to ask a query about snort flow level multi core parallelization at pre-processor level.<br><br><b>1) Can snort detection rate remains same for all attacks after flow level parallelisation?<br><br>2)
As the parallelisation of netowrk traffic in each core is based on
flow, what "flow" actually means? If flow means a TCP session then read the third question as well<br><br>3) what are the problems that can be faced in detecting multi session
attacks ; because many applciation level attacks occur in multi
sessions. </b>e.g. DDOS attack that occurs in more than one session. How can snort detect them?<br>
<br><br><br>Please reply me As soon as possible.