Hi Nate,
Snort_inline needs to get its packets from the Packet Filter of the OS. For
Linux/iptables this is done through the QUEUE target. As far as I know this
is considerably slower than snort+pcap. But we need the underlying
packet filter to do the actual dropping for us. For Snort_inline, I don't
really know what the bottleneck is, but can you describe your setup and
problems?
Regards,
Victor
On Wednesday 08 September 2004 22:07, Nathaniel Haggard wrote:
> This quote from Snort 2.0 Intrusion Detection by Brian Caswell
> published by Syngress leads me to believe that there is such a thing
> as acquisition plugins: "The Snort 2.0 architecture allows for what
> are called 'acquisition plug-ins.' These plug-ins allow a developer to
> write a specific packet-capture network card driver for a particular
> operating system (Linux), and this plug-in would provide Snort with
> packet capture at much higher speeds."
>
> I'm interested in "much higher speeds" such as 350MB+. Does anyone have
> any information on these plugins, such as where to get them or how to
> start developing such a plugin?
>
> Thanks,
> Nate
>
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users