[Snort-sigs] SID 275: Eats CPU

Lars Jørgensen IT Lars.Jorgensen at ...942...
Wed Apr 2 04:00:47 EST 2003


One of my snort boxes was becoming bogged down by traffic (we're on a pretty
loaded 100Mbps link to the Internet here). I started going through the rules
to find the CPU-intensive ones and get rid of them if possible.

Once I disabled SID 275 ("DOS NAPHTA" from dos.rules) the CPU load fell from
+98% to about 50-60%.

Other people might benefit from this knowledge. Maybe there's even a
possibility to rewrite the rule.

Lars Jorgensen
Network Administrator
A/S Dagbladet Politiken
