[Oisf-users] For those who haven't read this

Robert Vineyard robert.vineyard at oit.gatech.edu
Wed Jul 21 18:58:05 UTC 2010


http://vrt-sourcefire.blogspot.com/2010/06/single-threaded-data-processing.html

Here's another link (a writeup by Marty Roesch of Sourcefire) referenced
from the article you mentioned.

In light of this discussion, does OISF / Suricata have a response to
Sourcefire's critique of a multi-threaded engine model that uses several
threads to process the same data simultaneously? It seems to me that the
most efficient way to do things would be to have a front-end load-balancer
that could distribute the traffic to multiple back-end threads or processes
that would each operate on independent data streams. This is the strategy
employed by Endace and others to accomplish high-throughput IDS inspection.
On a related note, are there any plans to implement native acceleration
support for other vendors besides Endace (in particular Napatech / nPulse)?

Thanks!

--
[ Robert Vineyard | RHCE, Security+ ]    [ robert.vineyard at oit.gatech.edu  ]
[ Information Security Engineer III ]    [ 404.385.6900 | FAX 404.894.9548 ]
[Finding a needle in a haystack isn't hard when every straw is computerized]


On 07/21/2010 07:05 AM, Kevin Ross wrote:
> http://vrt-sourcefire.blogspot.com/2010/07/innovation-you-keep-using-that-word.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Vrt+(Sourcefire+VRT+-+Vulnerability+Research%2C+Snort+Rules+and+Explosions)
> <http://vrt-sourcefire.blogspot.com/2010/07/innovation-you-keep-using-that-word.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Vrt+(Sourcefire+VRT+-+Vulnerability+Research%2C+Snort+Rules+and+Explosions)>
> 
> 
> 
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users



More information about the Oisf-users mailing list