[Snort-users] snort optimization

Avleen Vig avleen at ...396...
Tue Jan 16 09:29:27 EST 2001


Is the server you are scanning behind a firewall?


----- Original Message -----
From: "Deja User" <malzubs at ...479...>
To: <avleen at ...396...>
Sent: Monday, January 15, 2001 7:57 PM
Subject: RE: Re: [Snort-users] snort optimization


> Why I think I'm dropping packets is that I am port scanning my sensed
> network with retina, and I don't see snort generating alarms that a port
> scan is occurring?
>
> Thanks,
> Mohammed.
>
> >From: "Avleen Vig" <avleen at ...396...>
> >To: "Deja User" <malzubs at ...479...>, <snort-users at lists.sourceforge.net>
> >Subject: Re: [Snort-users] snort optimization
> >Date: Mon, 15 Jan 2001 19:22:57 -0000
> >
> >The answer to both your questions is "no".
> >I'll be VERY surprised if snort drops any packets on that setup, and you
> >don't need anything more for a "more complete capture".
> >
> >----- Original Message -----
> >From: "Deja User" <malzubs at ...479...>
> >To: <snort-users at lists.sourceforge.net>
> >Sent: Monday, January 15, 2001 7:00 PM
> >Subject: [Snort-users] snort optimization
> >
> >
> >> What is the fastest, most complete way to run snort?  I have a busy
> >> network segment that I'm spanning and sending to the snort IDS.
> >> I downloaded the complete rule file from snort.org "snortfull.conf"
> >> So here is what I have
> >> snort -A full -b -c snortfull.com -i eth0 -l /LOG/snort
> >>
> >> Is there anything I can do to make it faster and not drop any traffic?
> >> Also, the snortfull.conf does not include any library references, is there
> >> anything I can do to make my capture more complete?
> >>
> >> Thanks,
> >> Mohammed.
> >>
> >>
> >> ------------------------------------------------------------
> >> --== Sent via Deja.com ==--
> >> http://www.deja.com/
> >>
> >>




