[Snort-users] flags

James Ashton admin at ...6022...
Fri Jun 7 20:05:02 EDT 2002


I have a P2-266 with 128Mb RAM and 7200RPM SCSI HDs running 1.8.5 with a minimal ruleset.

This is what is running for preprocessors:

preprocessor frag2: timeout 15
preprocessor stream4: detect_scan, timeout 15, memcap 17572864
preprocessor stream4_reassemble both, ports [21, 23, 25, 53, 80, 143, 110, 111, 513]
preprocessor portscan: $HOME_NET 5 5 portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS

My startup command is:

/usr/sbin/snort -c /etc/snort/snort.conf -i eth0 -D

I am dropping all but 1 in 10 of the packet traffic.
When I add the -A fast -b flags, snort drops MORE packets.

Any ideas??? I know that this box will probably not detect all of my traffic (about 4Mbits/sec.) with any realistic rule set, but shouldn't it do better than this, and shouldn't those flags speed it up a little??
_______________________________
James Ashton
President
Global Internet Tech, Inc

13840 Osprey Links Dr, #219
Orlando Fl, 32837

407-859-5218 





