[Bro] Packet scans drops
William Jones
jones at tacc.utexas.edu
Tue Apr 23 08:38:41 PDT 2013
Seth,
The only time I am seeing dropped packets is during attempts to use TACC to amplify DoS attacks and very aggressive port scans.
In both cases Bro workers are being overloaded by 500kk to 1000k incoming packets. It looks like a single worker can only handle 30K packets/sec before it reaches 100 percent CPU usage. Is there any effort going into Bro development to handle these cases?
My only workaround that I have now is to block access to common ports at the border router and open hosts to vetted hosts.
Bill Jones