[Snort-users] Maximum Number Of IPs Per Variable In snort.conf

O'Sullivan, Mairtin mairtin.osullivan at ...8411...
Mon Aug 1 03:01:36 EDT 2005


Apologies if this comes through two times. I sent it a few days ago from
an account which wasn't a member of Snort-Users.

I was wondering what's the maximum number of IPs you can have in a
variable in snort.conf?

In the post below it states that the performance hit would be too great
to even attempt introducing a large number of IPs. Has that changed
since 2002?
http://archives.neohapsis.com/archives/snort/2002-12/0600.html

At present I was to look at putting roughly 300 /32 addresses into a
single variable.

They addresses are not consecutive and so can't be supernetted.

Any thoughts?




More information about the Snort-users mailing list