[Snort-sigs] ignoring lots of hosts

David Wilburn dwilburn at ...8...
Wed Dec 10 03:32:01 EST 2003


I'm not sure how the efficiency is on BPF filters versus pass rules.  If 
I have to ignore a large number of hosts (~200-ish), some of which are 
hosts plus port combinations, some of which are just hosts, is it better 
to use BPF filters on the command line, or pass rules?

-Dave Wilburn






More information about the Snort-sigs mailing list