Re: newbie to snort

["Jim Forster" <jforster () rapidnet com>]

DOH! - No timewarp.. The last update I was sent didn't get linked.
Pulled the current you posted here - space and time may now continue. :P

----- Original Message -----
From: "Dragos Ruiu" <dr () kyx net>
To: "Erek Adams" <erek () theadamsfamily net>; "jevon" <jspive1 () umbc edu>
Cc: <snort-users () lists sourceforge net>
Sent: Thursday, August 02, 2001 2:05 PM
Subject: Re: [Snort-users] newbie to snort


> On Thu, 02 Aug 2001, Erek Adams wrote:
> > Depends on your sustained traffic.  This has been hashed and rehashed on
the
> > list.  Take a look at the FAQ.  It discusses this in some detail.  Check
> > http://www.snort.org/ and click 'FAQ' on the left.
>
> Uhm.... just checked... and either I'm hitting some transparent web-cache
> timewarp or the snort FAQ on www.snort.org hasn't been updated in a while.
>
> Another URL you can use for the snort FAQ is:
>  http://www.tux.org/~karl/SNORT-FAQ-v1.8.1.html
>
> (thanks Karl for that and the HTMLizing)
>
> And for this question the FAQ punts to the list here right now, so
> this is a circular reference... :-)
>
> There was a good discussion of this "how big a box" do I need question
> recently in the last few weeks, which I intend to use to update this FAQ
> question answer which is a bit vague right now.  This was an informational
> thread on focus-ids@securityfocus titled "Snort- Minimum system
requirements"
> And I would suggest starting there for some information as I recall
several
> users posted info about the bandwidths/boxes they were using.... at least
> until I get a chance to get to the FAQ edits again...
>
> BTW my only rule of thumb so far on box sizing is:
> a P133 is good for 10MBps
> a P350-400 is needed at a minimum to avoid packet
> loss on a 100MBps interface. Marty uses a Celeron 400
> for T1's and cablemodems as a mileage point....
> a p750-800 is good for two 100 interfaces on the same box
> (and 850+ _might_ be good for 3 with light loading and traffic
> but this is highly config dependent and there are some
> other OS/NIC achitecture issues you start to hit at 270MBps+)
>
> Of course all of these are dependent on how hard you push rules
> database, OS, RAM, config and traffic, yadda yadda yadda... etc...
>
> As usual YMMV!
>
> cheers,
> --dr
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users