Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

Network Protection: Use Suricata for IPS

I think it could be worth a look at, unless Snort comes up with a multfhreaded version.
http://www.openinfosecfoundation.org/
http://suricata-ids.org/

54 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Mark DooreyMark Doorey shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    6 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Martin SeenerMartin Seener commented  ·   ·  Flag as inappropriate

        I would really like changing from snort to suricata (or even user-option like dual-av) since with suricata IPS would be much smoother on less high-Ghz but multi-core CPUs like Intel Atoms with 2 to 8 cores!!!

      • HescominsoonHescominsoon commented  ·   ·  Flag as inappropriate

        considering that snort is now owned by cisco snort is as good as dead. Snort is NOT multi-threaded. What is done is snort is run in multiple instances based on cpu thread count.

      • BarryGBarryG commented  ·   ·  Flag as inappropriate

        Alan, Snort supports multi-process, which is very different than multi-threaded.

        With MP, memory usage increases linearly with each additional process, etc.

      Feedback and Knowledge Base