Home page logo
/

snort logo Snort mailing list archives

Re: pcre high cpu usage
From: Alex Kirk <akirk () sourcefire com>
Date: Tue, 19 Oct 2010 09:50:43 -0400


BTW: most offending rules (with like 10000 ticks avg!!) were 4676 and 4677,
related to Oracle Enterprise Manager. They had the destination restricted to
the only OEM in the net, but that was enough to cause that delays... May be
it's time to think in PCRE ofloading! :-)
Best regards,
Tomás


What revisions of those rules are you running? We had revs out briefly that
were severely problematic, and we updated them as soon as we realized. I
want to make sure the current versions of those two aren't causing problems.



-- 
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk () sourcefire com
------------------------------------------------------------------------------
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly 
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]