admin at ...6022...
Fri Jun 7 20:05:02 EDT 2002
I have a P2-266 with 128Mb RAM and 7200RPM SCSI HDs running 1.8.5 with a minimal ruleset.
This is what is running for preprocessors:
preprocessor frag2: timeout 15
preprocessor stream4: detect_scan, timeout 15, memcap 17572864
preprocessor stream4_reassemble both, ports [21, 23, 25, 53, 80, 143, 110, 111, 513]
preprocessor portscan: $HOME_NET 5 5 portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS
My startup command is:
/usr/sbin/snort -c /etc/snort/snort.conf -i eth0 -D
I am dropping all but 1 in 10 of the packet traffic.
When I add the -A fast -b flags snort drops MORE packets.
Any ideas??? I know that this box will probably not detect all of my traffic (about 4Mbits/sec.) with any realistic rule set, but shouldn't it do better than this, and shouldn't those flags speed it up a little??
Global Internet Tech, Inc
13840 Osprey Links Dr, #219
Orlando Fl, 32837