[Snort-users] How much will a huge list of subnets to the frag3 preprocessor slow snort?

Bachelor, Stephen A CTR USSOCOM HQ Stephen.Bachelor.ctr at ...14240...
Fri Nov 9 13:10:55 EST 2007


I fairly easily made a script to take a p0f log of my network and turn
it into Windows, Solaris, Linux, BSD, BSD-Left, First, and Last
configuration instructions to the frag3 preprocessor.  But my attempt to
extend it in Perl to consolidate all the IPs into non-overlapping CIDR
ranges has been stymied from the start; I'm not a scripting expert and
I've wasted a week on it.  

How much will it slow down Snort if I just give it a ~4,000 line
snort.conf?  Alternatively, does anyone have a script that does what I
want?
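
One way to do the consolidation asked about above, as an added example that is not part of the original message. It assumes IPv4 only and that the p0f log has already been reduced to (IP, policy) pairs. The function names, the sample data and the majority-vote rule for hosts with conflicting OS guesses are all assumptions; the `frag3_engine` `policy`/`bind_to` syntax follows the Snort 2.x manual.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: (host IP, frag3 policy) pairs such as a p0f-log parser
# might emit. Parsing the p0f log itself is not shown here.
OBSERVATIONS = [
    ("10.0.0.0", "windows"), ("10.0.0.1", "windows"),
    ("10.0.0.2", "windows"), ("10.0.0.3", "windows"),
    ("10.0.0.4", "linux"), ("10.0.0.5", "linux"),
    ("10.0.0.7", "solaris"), ("10.0.0.7", "solaris"),
    ("10.0.0.7", "bsd"),  # conflicting guess for the same host
    ("192.168.1.10", "linux"),
]

def consolidate(observations):
    """Return {policy: [IPv4Network, ...]}; no address appears under two policies."""
    votes = defaultdict(Counter)
    for ip, policy in observations:
        votes[ipaddress.ip_address(ip)][policy] += 1

    by_policy = defaultdict(list)
    for ip, counts in votes.items():
        # Assumption: one policy per host, the most frequently observed guess.
        policy = counts.most_common(1)[0][0]
        by_policy[policy].append(ipaddress.ip_network(f"{ip}/32"))

    # collapse_addresses() merges only adjacent or contained networks, so a
    # range is never widened to cover an address that was not observed, and
    # ranges belonging to different policies cannot overlap.
    return {policy: list(ipaddress.collapse_addresses(nets))
            for policy, nets in sorted(by_policy.items())}

def frag3_lines(observations):
    """Render one frag3_engine line per policy with its consolidated ranges."""
    lines = []
    for policy, nets in consolidate(observations).items():
        targets = ",".join(str(net) for net in nets)
        lines.append(f"preprocessor frag3_engine: policy {policy}, bind_to [{targets}]")
    return lines

if __name__ == "__main__":
    print("\n".join(frag3_lines(OBSERVATIONS)))
```

With this approach the number of `frag3_engine` lines equals the number of distinct policies observed, not the number of hosts.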



