[Snort-users] Alert payloads not matching alert rules

Jason Haar Jason.Haar at ...294...
Wed Nov 22 15:21:51 EST 2006

Joel Esler wrote:
> Are you dropping any packets?  It seems that with 3 processes of Snort, on the same box, with only 2 Gigs of RAM trying to analyze that much traffic, you are probably dropping packets in addition to Snort overwriting its own memory.
Hi Joel

Can you explain what you mean by snort overwriting it's own memory? How
is that possible? I thought standard OS process separation would stop
that? (I am assuming you meant having >1 snort process leads to one
snort process "corrupting" another)

I also routinely run multiple snort instances - this comes as a bit of a


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

More information about the Snort-users mailing list