O'Reilly logo

Intrusion Detection with Snort by Jack Koziol

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Tuning the Preprocessors

If you are still dropping packets at this point you will have to make some configuration changes to the preprocessors. The first and most important task to perform when tuning the preprocessors is to ensure that you have sufficient memory allocated for the preprocessors. Without the correct memory reserved, certain preprocessors can be placed in a situation where they are not processing every packet that Snort sniffs. This is functionally equivalent to the preprocessor being disabled for a percentage of the time. Attacks that need a preprocessor to be discovered could easily slip by. This is worsened by attacks that span many packets: If a preprocessor does not have enough memory to normalize one packet out of a range ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required