[Snort-users] Snort on a parallel machine?
hoagland at ...47...
Mon Mar 19 15:18:05 EST 2001
At 10:33 AM -0800 3/19/01, John Kiehnle wrote:
>Someone else is peeling my exact question... right to the core. Over the next
>several years as bigger pipes, wireless networks, 64bit busses, greater
>automation and new tools are developed to exploit vulnerabilities, it seems we
>are eventually going to arrive at that critical mass where a single processor
>snort IDS will not do the job. Things like Statistical Packet Anomaly
>Detection, and their corresponding correlation engines, (thank you brothers in
>arms at Silicon Defense) will put even our beefy snort boxes on their knees.
>Some packet flood tools already seem to be able to overwhelm some "other"
>vendor IDSs. ; )
You're welcome. FYI, the initial implementation of the SPICE
correlator has been designed as multi-threaded from the beginning
(with, unfortunately, the usual increase in testing and debugging
>My questions are;
>is there any "parallelness" inherent in the snort IDS which lends itself to
>being re-tooled to take advantage of a parallel machine?
I can't speak to the rest of Snort, but I don't see any reason why
Spade couldn't be run in parallel with the code to check a packet
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* hoagland at ...47... *|
|* http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (707) 445-4222 *|