[Snort-users] Re: Statefull inspection on IDS - Stick

Gregor Binder gbinder at ...462...
Thu Mar 8 11:30:53 EST 2001


Avleen Vig on Thu, Mar 08, 2001 at 03:20:37PM -0000:

Avleen,

> I've seen snort generate hundreds / thousands of alerts a second
> during floods, and not drop a packet.

and you have been analyzing those hundreds and thousands of alerts,
right? Or did you just assume it was a plain flood, no real threat to
your data inside?

Maybe people should actually read the paper that was referenced before
this becomes a NIDS performance discussion, because the actual
weaknesses addressed in there are far more interesting than religious
talk about Linux packet loss statistics ;)

Regards,
  Gregor.

-- 
Gregor Binder  <gregor.binder at ...462...>  http://sysfive.com/~gbinder/
sysfive.com GmbH               UNIX. Networking. Security. Applications.
PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55



