Re: snort throughput

[Martin Roesch <roesch () sourcefire com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Marcus,

Are you looking to install the sensors out-of-band (passive only) or  
inline?  The aggregate performance you're going to get is going to  
depend on a number of factors like the configuration of the system  
and which rules you're running as well as the underlying hardware and  
the OS configuration.

Without specialized hardware you're going to be hard pressed to get  
that kind of performance out of two machines.  You could build a  
machine to try to hit those performance levels combining high  
performance systems hardware (core 2 duo/xeons, for example) and  
accelerators like those from Endace, but don't forget about the  
backend that's going to be required to manage the data the sensors  
produce and manage their configuration, etc.

We have multi-gig appliances at Sourcefire if you're looking for  
prebuilt systems, check it out if you're interested.

       -Marty

On Sep 4, 2006, at 8:29 PM, rna wrote:

> Hi,
>
> i'm lookin forward to use snort with a big security project. There  
> is a
> requirement of "4 gb/s throughput for the IDS system" which should be
> based on 2  (snort) sensors. now those questions arise: is snort the
> right ids here and with what hardware should be used to reach 4gb/s
> throughput of the system ?
>
> Best regards
>
> Marcus
>
> ---------------------------------------------------------------------- 
> ---
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFE/NIjqj0FAQQ3KOARAhS4AJ0a+n4O+p7Bi5/BseOCiKYLeqebPQCffMqp
prMXDPYvrlzEO5NWn/U/LBw=
=9eEo
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users