[Snort-users] Snort getting overloaded by http traffic:

hackerwacker hackerwacker at ...3784...
Tue Jun 25 12:56:06 EDT 2002


My Snort box, watching 10 megs ave and 15 megs (5 minutes average peak),
dropped packets like crazy till we got a CIDR block. Now instead of a
HOME_NET for some 38 non-contiguous /24's, HOME_NET is a /18. What a world of
difference; I went from 50% packet loss to almost nil. Processor runs at
10-20% and not 99%, also.

I still have a few /24's that are not contiguous to the /18 CIDR, so I run
them as a separate process.

James
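
Added example, not part of the original post: a Python sketch that collapses a HOME_NET list into the fewest CIDR blocks and splits it into one large block plus leftovers, mirroring the two-process layout described above. The addresses are constructed samples and the helper names are hypothetical; collapsing only shrinks the list where the /24s are actually adjacent.

```python
import ipaddress

# Constructed sample: 64 adjacent /24s plus three stragglers (private ranges).
ASSIGNED = [f"10.20.{i}.0/24" for i in range(64)] + [
    "192.168.7.0/24",
    "192.168.9.0/24",
    "172.16.40.0/24",
]


def collapse(cidrs):
    """Merge adjacent and overlapping networks into the minimal CIDR list."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def split_for_sensors(cidrs):
    """Return (primary, leftovers): the largest collapsed block and the rest.

    The primary block is meant for the main Snort process, the leftovers for
    a second process with its own config, as in the post.
    """
    collapsed = collapse(cidrs)
    primary = min(collapsed, key=lambda n: n.prefixlen)
    leftovers = [n for n in collapsed if n != primary]
    return primary, leftovers


def home_net_line(nets):
    """Render a snort.conf HOME_NET variable for one or more networks."""
    nets = list(nets)
    if len(nets) == 1:
        return f"var HOME_NET {nets[0]}"
    return "var HOME_NET [" + ",".join(str(n) for n in nets) + "]"


if __name__ == "__main__":
    primary, leftovers = split_for_sensors(ASSIGNED)
    print("# main process")
    print(home_net_line([primary]))
    print("# second process")
    print(home_net_line(leftovers))
```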





