[Snort-users] How much will a huge list of subnets to the frag3 preprocessor slow snort?
Bachelor, Stephen A CTR USSOCOM HQ
Stephen.Bachelor.ctr at ...14240...
Fri Nov 9 13:10:55 EST 2007
I fairly easily made a script to take a p0f log of my network and turn
it into Windows, Solaris, Linux, BSD, BSD-Left, First, and Last
configuration instructions to the frag3 preprocessor. But my attempt to
extend it in Perl to consolidate all the IPs into non-overlapping CIDR
ranges has been stymied from the start; I'm not a scripting expert and
I've wasted a week on it.
How much will it slow down Snort if I just give it a ~4,000 line
snort.conf? Alternatively, does anyone have a script that does what I
More information about the Snort-users