[Snort-users] Snort Performance

This is a discussion on [Snort-users] Snort Performance within the Snort forums, part of the System Security and Security Related category; Hi all, i'm trying snort with guardian. I'm wondering about the performance that i can obtain from them ...


Go Back   Usenet Forums > System Security and Security Related > Snort

Reload this Page [Snort-users] Snort Performance

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 01-09-2004
=?iso-8859-1?q?mik=20sib?=
 
Posts: n/a
Default [Snort-users] Snort Performance
Hi all,
i'm trying snort with guardian.
I'm wondering about the performance that i can obtain
from them togheter to protect my fw.
I have this doubt, excuse me if i didn't read ALL the
snort documentation yet, because i can't realize how
fast can be snort in detecting bad trafic expecially
on a busy gw.
During the last hour, i saw the guardian do his job in
blocking the trafic from a suspicoius server/ip that
was sending me a virus but only after that the
connection was already closed.

The bad email with the virus has been delivered and
after the end of the connection the snort/guardian has
detected and put down a drop rule.

Do i miss something?
Do i need more computing power? i'm using a P3 with
256 Mb ram.
Does the snort do some kind of buffering and does it
analyze the packets after a while?
I suppose that expecially on busy gw and with a lot of
packets per second this is the only way it can work.
Am i right?

Wich other tools like snort + guardian are available
to analyze and block suspicious ip and from one of you
reading this post already tested with success?.

Can snort detect p2p traffic made from clients that
access the internet through a proxy like kadza ? How
can i avoid and control that kind of traffic ?

Tahnk you very much


Mik

__________________________________________________ ____________________
Yahoo! Mail: 6MB di spazio gratuito, 30MB per i tuoi allegati, l'antivirus, il filtro Anti-spam
http://it.yahoo.com/mail_it/foot/?ht...ail.yahoo.com/


-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 03:51 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0