[Snort-sigs] SID 275: Eats CPU
Lars Jørgensen IT
Lars.Jorgensen at ...942...
Wed Apr 2 04:00:47 EST 2003
One of my snort boxes was becoming bogged down by traffic (we're on a pretty
loaded 100Mbps link to the Internet here). I started going through the rules
to find the CPU intensive ones and get rid of them if possible.
Once I disabled SID 275 ("DOS NAPHTA" from dos.rules) the CPU load fell from
+98% to about 50-60%.
Other people might benefit from this knowledge. Maybe there's even a
possibility to rewrite the rule.
A/S Dagbladet Politiken
More information about the Snort-sigs