Welcome, Guest. Please login or register.
Did you miss your activation email?
Thursday 05 December 2024, 04:09:01 pm

Login with username, password and session length

Download the latest community FREE version  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  Hardware Support
| | |-+  SNORT BECOMES A WEAKNESS IN EFW
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: SNORT BECOMES A WEAKNESS IN EFW  (Read 33017 times)
LeoSSom
Jr. Member
*
Offline Offline

Posts: 2



« on: Wednesday 15 December 2021, 12:06:41 pm »

 Shocked
Com o passar do tempo,a função IPS/SNORT do Endian Firewall, ficou velha e mal desenvolvida, porque as velocidades de conecção a internet , estao cada vez maiores, o hardware usado nas instalações estão cada ves mais potentes e baratos e esse serviço não mais entrega desempenho satisfatório.
Por exemplo, a 10 anos usava-se um Atom single ou dual core, com pouco mais de 1Ghz, e atualmente temos noticias de instalações usando Ryzen3, Atlhon 3000, que são processadores , centenas de vezes mais rapidos que os antigos de 10 ou mais anos atraz .
O mesmo ocorre com as conexoes. a 10 anos tinhamos, pelo menos aqui no Brasil, 10, 15, até no maximo 25Mbits.
Conseguiamos uma velocidade de navegação na internet, sempre bem proxima da nominal, via o Endian, quando faziamos os testes.
Amedida que as velocidades de conexão foram aumentando, começamos a perceber que as redes sob Endian, não mais atingiam as velocidades nominais das conexoes empregadas.
Temos relatos aqui mesmo neste forum de 2013, 14,  16, 17 ate os dias atuais, constatando esse problema.
Atualmente, mesmo com os hardwares modernos, poderosos e rapidos, quando temos o IPS/SNORT habilitado, esse serviço causa um debito enorme na velocidade de conexão, a gente diz que o " firewall está amarrando a rede " !!
Ja tem alguns topicos tratando desse assunto, e muitas são as tentativas de contornar o problema, editando o arquivo com os metodos de procura , (search methods), lá em snort.conf ( /etc/snort/snort.conf.tmpl  ).
Eu mesmo ja tentei muitas variaveis e opções e o maximo que consegui foi 260mbits !
Acho que algo deveria ser feito, a nivel dos desemvolvedores, quem sabe alguem tem acesso a eles, e poderia informa-los desse problema com o SNORT que eh hoje a maior falha, o "ponto-fraco"  do Endian .

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Over time, Endian Firewall's IPS/SNORT function became old and poorly developed, because internet connection speeds are increasing, the hardware used in the installations is increasingly powerful and cheaper and this service is not more delivers satisfactory performance.
For example, 10 years ago a single or dual core Atom was used, with just over 1Ghz, and currently we have news of installations using Ryzen3, Atlhon 3000, which are processors, hundreds of times faster than the old ones with 10 or more years ago.
The same happens with connections. 10 years ago we had, at least here in Brazil, 10, 15, up to a maximum of 25Mbits.
We managed to surf the internet, always very close to the nominal one, via Endian, when we did the tests.
As connection speeds increased, we began to notice that networks under Endian no longer reached the nominal speeds of the connections used.
We have reports right here in this forum from 2013, 14, 16, 17 to the present day, noting this problem.
Currently, even with modern, powerful and fast hardware, when we have IPS/SNORT enabled, this service causes a huge debit in connection speed, we say that the "firewall is tying up the network" !!
There are already some topics dealing with this subject, and there are many attempts to work around the problem, editing the file with the search methods, (search methods), there in snort.conf ( /etc/snort/snort.conf.tmpl ).
I myself have tried many variables and options and the maximum I got was 260mbits!
I think something should be done, at the level of developers, who knows someone has access to them, and could inform them of this problem with SNORT, which is today the biggest flaw, the "weak point" of Endian.

Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com