A Performance Study of the Snort IDS

  • Author(s) / Creator(s)
  • Technical report TR08-04. Many network intrusion detection and prevention tools are available to today's network administrator, but Snort has become an enterprise standard because it is open source and because many open source operating systems work very well with it. It is therefore very important for network and system administrators to know and understand the strengths and weaknesses of this tool before deploying it on their network. This project investigates the performance of Snort under certain "defined" conditions. We investigated two behaviors that have been informally attributed to Snort: (1) under high load conditions, Snort drops packets without informing the network administrator; and (2) under high load conditions, Snort passes packets that violate one or more of the rules in the rule set. | TRID-ID TR08-04

  • Date created
  • Subjects / Keywords
  • Type of Item
  • DOI
  • License
    Attribution 3.0 International