3. Snort and suppress performance hit?

Snort and suppress performance hit?


  • Hello!

    I've got a beautiful working config with pf 2 RC and with snort inspecting LAN and WAN traffic.

    The snort alert-log was clogged by "(http_inspect) DOUBLE DECODING ATTACK" http://www.snortid.com/snortid.asp?QueryId=119%3A2 (false positive in my case as I understand it) so I decided to use Suppress on the id involved:
    suppress gen_id 119, sig_id 2
    suppress gen_id 119, sig_id 14

    After enabling this suppress filter on both WAN and LAN my download performance went down from ~117Mbit to about 80Mbit. Suppose my hardware isn't up for the task to handle the throughput, or?

    Machine: Thinkpad X60s
    CPU: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz
    Current: 250 MHz, Max: 1667 MHz
    NIC: Intel PRO/1000 LAN adapter, 1 Gbit with VLAN for LAN and WAN.

    So the Q is, whats the minimum hw for "full speed ahead", as in 100mbit+ for snort and pfsense?

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy