[Snort-users] Kernel space Snort. Proof of concept test succeeded.

Alex Butcher, ISC/ISYS Alex.Butcher at ...11254...
Wed Sep 15 01:14:06 EDT 2004


--On 31 August 2004 18:56 +0200 Willem de Bruijn <wdebruij at ...1580...> wrote:

> As for filters. we've already ported Aho-Corasick and
> Boyer-Moore-Horspool, a  sampler, etc.. For a conference paper we've
> pitted snort with BMH in the  kernel against regular snort and found
> quite considerable increases in  efficiency (some 50% less CPU
> utilization with an older version of the  software, better results are
> surely obtainable).

Was the user-mode Snort using Phil Wood's libpcap 
<http://public.lanl.gov/cpw/> or an older version without MMAP mode support?

>   Willem

Best Regards,
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9






More information about the Snort-users mailing list