Home page logo

snort logo Snort mailing list archives

Re: pcre high cpu usage
From: Alex Kirk <akirk () sourcefire com>
Date: Tue, 19 Oct 2010 09:50:43 -0400

BTW: most offending rules (with like 10000 ticks avg!!) were 4676 and 4677,
related to Oracle Enterprise Manager. They had the destination restricted to
the only OEM in the net, but that was enough to cause that delays... May be
it's time to think in PCRE ofloading! :-)
Best regards,

What revisions of those rules are you running? We had revs out briefly that
were severely problematic, and we updated them as soon as we realized. I
want to make sure the current versions of those two aren't causing problems.

Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
alex.kirk () sourcefire com
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly 
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]