[Snort-users] Kernel space Snort. Proof of concept test succeeded.
Alex Butcher, ISC/ISYS
Alex.Butcher at ...11254...
Wed Sep 15 01:14:06 EDT 2004
--On 31 August 2004 18:56 +0200 Willem de Bruijn <wdebruij at ...1580...> wrote:
> As for filters, we've already ported Aho-Corasick and
> Boyer-Moore-Horspool, a sampler, etc. For a conference paper we've
> pitted snort with BMH in the kernel against regular snort and found
> quite considerable increases in efficiency (some 50% less CPU
> utilization with an older version of the software, better results are
> surely obtainable).
Was the user-mode Snort using Phil Wood's libpcap
<http://public.lanl.gov/cpw/> or an older version without MMAP mode support?
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9