“I thought I should post a response to the response to my
article (I’m returning the serve in other words). Italics are
what Elliot Turner wrote, my response follows. I also did some mass
snippage, you might want to read his response first to the original
article, and then this article.”
“The biggest performance hit on modern day NIDS packages
comes from sniffing network packets and performing protocol
decoding tasks, not detecting individual attack signatures. While I
am not claiming there is _no_ performance impact from adding
additional attack signatures to a system, I do believe that the
perceived impact is over-stated.“
“I will admit you are probably right, but the fact stands that
the more your IDS/NIDS does to detect attacks, the more resources
it will use. Hence if you have it detecting EVERYTHING possible you
will need a rather powerful machine.”