[Snort-users] Re: Statefull inspection on IDS - Stick
gbinder at ...462...
Thu Mar 8 11:30:53 EST 2001
Avleen Vig on Thu, Mar 08, 2001 at 03:20:37PM -0000:
> I've seen snort generate hundreds / thousands of alerts a second
> during floods, and not drop a packet.
And you have been analyzing those hundreds and thousands of alerts,
right? Or did you just assume it was a plain flood, no real threat to
your data inside?
Maybe people should actually read the paper that was referenced before
this becomes a NIDS performance discussion, because the actual
weaknesses addressed in there are far more interesting than religious talk
about linux packet loss statistics ;)
Gregor Binder <gregor.binder at ...462...> http://sysfive.com/~gbinder/
sysfive.com GmbH UNIX. Networking. Security. Applications.
PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55