Netgate Discussion Forum

    Snort features

      MiXeDeMoTiOnS

      I installed Snort and it basically killed my internet connection; it brought down my speed to a complete crawl or basically timed out some of the pages.  I was wondering, is Snort supposed to slow your connection? I'm pretty new, so some advice on this subject would be greatly appreciated.

        Supermule Banned

        No. It can handle things at wirespeed if your hardware is up to it…

          bmeeks

          @MiXeDeMoTiOnS:

          I installed Snort and it basically killed my internet connection; it brought down my speed to a complete crawl or basically timed out some of the pages.  I was wondering, is Snort supposed to slow your connection? I'm pretty new, so some advice on this subject would be greatly appreciated.

          Snort will not impact your speed unless you are enabling every possible rule and have an 8088 8 MHz processor from the 1980s …  :D

          Blocking is another issue (feature).  No IDS is "install and forget".  Every IDS installation requires environment-specific tuning.  Refer to the Packages sub-forum here and search for all the Snort configuration threads.  There is an excellent Master Suppress List thread that reviews fixes for the most common false positives from Snort.

          Another recommendation is to first run Snort in non-blocking mode for a few days or a week or two.  That way you can see what it would have blocked, and then have time to evaluate/research each alert to see if it is indeed a false positive in your environment.  Many of the HTTP_INSPECT alerts are generally false positives.

          Bill
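
One way to do the alert review recommended in the post above while Snort runs in non-blocking mode, as an added example that is not part of the thread or of the Snort package: it tallies alerts per GID:SID and drafts suppress entries for noisy HTTP_INSPECT signatures (generator IDs 119 and 120). It assumes Snort's "fast" alert format; the sample log lines, the `min_count` threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Snort "fast" alert format; not data from the thread.
SAMPLE_LOG = """\
03/14-09:12:01.100001  [**] [119:31:1] (http_inspect) UNKNOWN METHOD [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 192.168.1.20:51514 -> 203.0.113.10:80
03/14-09:12:07.220004  [**] [119:31:1] (http_inspect) UNKNOWN METHOD [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 192.168.1.20:51520 -> 203.0.113.10:80
03/14-09:15:44.000310  [**] [120:3:1] (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 198.51.100.7:80 -> 192.168.1.21:40112
03/14-09:16:02.519000  [**] [119:31:1] (http_inspect) UNKNOWN METHOD [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 192.168.1.21:40200 -> 203.0.113.10:80
03/14-09:20:30.004100  [**] [1:1000001:1] CONSTRUCTED local rule for illustration [**] [Classification: Misc activity] [Priority: 2] {ICMP} 192.168.1.22 -> 198.51.100.7
03/14-09:21:00.000000  truncated line that should be skipped
03/14-09:25:10.730000  [**] [120:3:1] (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 198.51.100.7:80 -> 192.168.1.20:40300
"""

ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)"
)

def summarize(log_text):
    """Tally alerts per (gid, sid): message, total count and per-source counts."""
    stats = {}
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # blank or malformed line
        key = (int(m["gid"]), int(m["sid"]))
        entry = stats.setdefault(key, {"msg": m["msg"], "count": 0, "sources": Counter()})
        entry["count"] += 1
        entry["sources"][m["src"]] += 1
    return stats

def suppress_candidates(stats, min_count=3, http_inspect_gids=(119, 120)):
    """Draft suppress entries for noisy HTTP_INSPECT alerts; research each before applying."""
    lines = []
    for (gid, sid), e in sorted(stats.items(), key=lambda kv: -kv[1]["count"]):
        if gid in http_inspect_gids and e["count"] >= min_count:
            lines.append(f"# {e['msg']}: {e['count']} alerts from {len(e['sources'])} source(s)")
            lines.append(f"suppress gen_id {gid}, sig_id {sid}")
    return lines

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for (gid, sid), e in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{e['count']:>4}  {gid}:{sid}  {e['msg']}  top source: {e['sources'].most_common(1)[0][0]}")
    print("\n".join(suppress_candidates(report)))
```

Alerts from rule-based signatures (generator ID 1) are counted in the report but never drafted for suppression, so each one still gets looked at individually.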
