[Snort-users] Some questions about Snort & ACID !
mah_soleimani at ...131...
Mon May 16 21:53:53 EDT 2005
I recently installed Snort and ACID on my system, whose hardware and software specification is listed below:
1. 512 MB RAM
2. 120 GB hard disk (IDE)
3. CPU 2.40 GHz
4. two network cards (one of them for sniffing)
5. mysql Ver 11.18 Distrib 3.23.58, for redhat-linux-gnu (i386)
6. 10 Mbit/sec traffic
I would like to ask some questions about ACID and Snort according to the hardware which I am using:
1. In a worm situation where all of our bandwidth is used by the attack, how does Snort react? That is, does libpcap capture all of the packets in our network or just some of the packets, and does Snort process every packet which it receives?
2. In a worm situation, how much can analyzing all of the packets increase Snort's CPU usage?
3. I know Snort will block until mysql saves all of the alerts in the database. I'd like to know how much of the real traffic we will lose in a worm situation (while Snort is suspended)?
4. Can it happen that Snort's CPU usage doesn't let mysqld log into the database?
5. Is mysql able to insert alerts into the database at the same rate at which Snort generates alerts?
6. Could you please recommend some software which generates a large amount of traffic to test Snort?
Thanks in advance.