Snort mailing list archives
Re: One question
From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 11 Oct 2001 17:02:22 -0700 (PDT)
On Thu, 11 Oct 2001, Jake S wrote:
Is there a doc that gives a rough idea of what type of hardware to use in a Y network according to Z amount of traffic? My boss is looking for something to base our hardware purchasing on so that is why I ask.
Marty sent this info over to the list earlier this month. It's the closest thing we've got to a definitive guide ATM.

---

4) Hardware/OS recommendations

Ok, here are the guidelines and some parameters. Intrusion detection is turning into one of the most high performance production computing fields that is in wide deployment today. If you think about the requirements of a NIDS sensor and the constraints that they are required to operate within, you'll probably start to realize that it's not too hard to find the performance wall with a NIDS these days. The things a NIDS needs are:

MIPS (Fast CPU)
RAM (More is *always* better)
I/O (Wide, fast busses and high performance NIC)
AODS (Acres Of Disk Space)

A NIDS also needs to be pretty quick internally at doing its job. Snort's seen better days in that regard (when 1.5 came out the architecture was a lot cleaner) but it's still considered to be one of the performance leaders available.

As for OS selection, use what you like. When we implement Data Acquisition Plugins in Snort 2.0 this may become more of a factor, but for now I'm hearing about a lot of people seeing a lot of success using Snort on Solaris, Linux, *BSD and Windows 2000. Personally, I develop Snort on FreeBSD and Sourcefire uses OpenBSD for our sensor appliance OS, but I've been hearing some good things about the RedHat Turbo Packet interface (which would require mods for Snort to use, not to mention my general objection to RedHat's breaking stuff all the time).

---

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net