[Snort-users] Snort Vs Cisco

Dan Hollis goemon at ...20...
Tue Oct 10 21:51:32 EDT 2000


On Tue, 10 Oct 2000, Ryan Russell wrote:
> On Tue, 10 Oct 2000, Dan Hollis wrote:
> > NFR have also got an anti-linux agenda.
> > Last time I checked they were claiming Linux couldnt snoop 100mbit of
> > traffic, while BSD could.
> You can listen to an interview of ours where MJR addresses this question:
> http://www.securityfocus.com/media/1
> In short, he says at the time (Kernel 1.x something/2.0) Linux had an
> inefficient way of copying network packets around.  However, MJR claims
> that even though the problem is now probably fixed in the kernel, he had
> anough flames from the Linux zealots that he's not really interested in
> going back to check.
> It's all a bit moot now, as NFR is now an "appliance", and has it's own OS
> (stripped *BSD.)  He talks about the OS a bit in the interview as well.

But I remember most of his complaints was not that Linux was inefficient
at a kernel level, but that the i/o techniques he was using on BSD were
inefficient on Linux, and a general rant why Linux can't use the exact
same API and semantics as BSD. It was pointed out to him numerous times
how he could change NFR to be efficient on Linux and he basically refused
to listen.

A couple years ago NFR might have been hot shit, but no longer...

And those of us running snort on linux could probably care less about
NFR =)

-Dan




More information about the Snort-users mailing list