[Oisf-users] For those who haven't read this
Robert Vineyard
robert.vineyard at oit.gatech.edu
Wed Jul 21 18:58:05 UTC 2010
http://vrt-sourcefire.blogspot.com/2010/06/single-threaded-data-processing.html

Here's another link (a writeup by Marty Roesch of Sourcefire) referenced
from the article you mentioned.

In light of this discussion, does OISF / Suricata have a response to
Sourcefire's critique of a multi-threaded engine model that uses several
threads to process the same data simultaneously? It seems to me that the
most efficient way to do things would be to have a front-end load-balancer
that could distribute the traffic to multiple back-end threads or processes
that would each operate on independent data streams. This is the strategy
employed by Endace and others to accomplish high-throughput IDS inspection.

On a related note, are there any plans to implement native acceleration
support for other vendors besides Endace (in particular Napatech / nPulse)?

Thanks!
--
[ Robert Vineyard | RHCE, Security+ ] [ robert.vineyard at oit.gatech.edu ]
[ Information Security Engineer III ] [ 404.385.6900 | FAX 404.894.9548 ]
[Finding a needle in a haystack isn't hard when every straw is computerized]
On 07/21/2010 07:05 AM, Kevin Ross wrote:
> http://vrt-sourcefire.blogspot.com/2010/07/innovation-you-keep-using-that-word.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Vrt+(Sourcefire+VRT+-+Vulnerability+Research%2C+Snort+Rules+and+Explosions)
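
Added example, not part of the original message and not Suricata, Snort or Endace code: a sketch of the front-end distribution idea raised in the message, where each worker only ever sees complete, independent flows. The function names, the BLAKE2b hash choice and the sample packets are assumptions made for illustration; per-packet round-robin is included to show how it splits a flow across workers.

```python
import hashlib
import ipaddress
from collections import defaultdict

def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent key: A->B and B->A yield the same bytes."""
    a = (ipaddress.ip_address(src_ip).packed, src_port)
    b = (ipaddress.ip_address(dst_ip).packed, dst_port)
    lo, hi = sorted((a, b))  # canonical endpoint order
    return (lo[0] + lo[1].to_bytes(2, "big") +
            hi[0] + hi[1].to_bytes(2, "big") + bytes([proto]))

def flow_worker(pkt, n_workers):
    """Pin a packet to a worker by hashing its symmetric flow key."""
    digest = hashlib.blake2b(flow_key(*pkt), digest_size=8).digest()
    return int.from_bytes(digest, "big") % n_workers

def assign_by_flow(packets, n_workers):
    return [(pkt, flow_worker(pkt, n_workers)) for pkt in packets]

def assign_round_robin(packets, n_workers):
    """Per-packet balancing: even load, but ignores flow membership."""
    return [(pkt, i % n_workers) for i, pkt in enumerate(packets)]

def split_flows(assignments):
    """Count flows whose packets landed on more than one worker."""
    seen = defaultdict(set)
    for pkt, worker in assignments:
        seen[flow_key(*pkt)].add(worker)
    return sum(1 for workers in seen.values() if len(workers) > 1)

# Constructed sample: two TCP flows, both directions, interleaved.
SAMPLE = [
    ("10.0.0.5", 40000, "192.0.2.10", 80, 6),    # flow A, client -> server
    ("10.0.0.6", 40001, "192.0.2.10", 443, 6),   # flow B, client -> server
    ("192.0.2.10", 80, "10.0.0.5", 40000, 6),    # flow A, server -> client
    ("192.0.2.10", 443, "10.0.0.6", 40001, 6),   # flow B, server -> client
    ("10.0.0.5", 40000, "192.0.2.10", 80, 6),    # flow A, client -> server
]

if __name__ == "__main__":
    print("flows split, flow hash:  ", split_flows(assign_by_flow(SAMPLE, 4)))
    print("flows split, round-robin:", split_flows(assign_round_robin(SAMPLE, 4)))
```

A worker that receives only part of a flow cannot reassemble the stream or track protocol state for it, which is why the key must be symmetric as well as stable.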