[Snort-users] Re: Statefull inspection on IDS - Stick

Gregor Binder gbinder at ...462...
Thu Mar 8 11:30:53 EST 2001

Avleen Vig on Thu, Mar 08, 2001 at 03:20:37PM -0000:


> I've seen snort generate hundreds / thousands of alerts a second
> during floods, and not drop a packet.

And you have been analyzing those hundreds and thousands of alerts,
right? Or did you just assume it was a plain flood, no real threat to
your data inside?

Maybe people should actually read the paper that was referenced before
this becomes a NIDS performance discussion, because the actual
weaknesses addressed in there are far more interesting than religious talk
about Linux packet loss statistics ;)


Gregor Binder  <gregor.binder at ...462...>  http://sysfive.com/~gbinder/
sysfive.com GmbH               UNIX. Networking. Security. Applications.
PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55
