[Snort-openappid] [Snort-users] Snort limitations
Nicholas Mavis (nmavis)
nmavis at ...5...
Thu Mar 27 18:37:11 EDT 2014
The performance of Snort depends on the resources available on the machine running it. The more traffic you have, the more resources (CPU/memory) you will need to have available for Snort.
From: Ayoub Abid <abid.ayoub at ...8...<mailto:abid.ayoub at ...8...>>
Date: Thursday, March 27, 2014 at 4:32 AM
To: snort-users <snort-users at lists.sourceforge.net<mailto:snort-users at ...14....sourceforge.net>>, "snort-openappid at lists.sourceforge.net<mailto:snort-openappid at lists.sourceforge.net>" <snort-openappid at lists.sourceforge.net<mailto:snort-openappid at lists.sourceforge.net>>
Subject: [Snort-users] Snort limitations
I want to discuss here about how far can we trust snort to secure our network. Have snort some limitations ?
I have tested snort for a couple a weeks. He detects attacks when we have normal traffic. But When we have a huge traffic like 2000 pak/ sec , he make a big delay to scan all the traffic and detect the Intrusion. For example, i can have an attack now and he will report it in 10 or 15 min.
So what are the Limits of snort to detect attacks?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-openappid