[email protected] [[email protected]] wrote:
> Hi,
>
> Anybody have any thoughts on Snort vs Suricata?
>

Code quality is going to be a big question with the new one, as it always has been with Snort (does running this utility open up a new attack vector on your network?)

> Also, how important is it to use an IDS if you run a server that hosts a
> popular website?
>

Depends on how well you configure the IDS and how well you monitor it (and if you know what to even look for...)

> I'm reading here (http://www.aldeid.com/wiki/Suricata-vs-snort): Suricata
> offers new features that Snort could implement in the future: multi-threading
> support, capture accelerators [...snip...] One advantage Suricata has is its
> ability to understand level 7 of the OSI model, which enhances its ability of
> detecting malwares. Suricata has demonstrated that it is far more efficient
> than Snort for detecting malwares, viruses and shellcodes.
>

Snort is different, I don't see why you expect that it will suddenly become equivalent.

For high-speed capture and analysis, a dedicated box with netmap is much better for tools like this. I think I should finish the port that I was working on :)

Chris

