Snort mailing list archives
Re: snort throughput
From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 4 Sep 2006 21:25:54 -0400
Hi Marcus,

Are you looking to install the sensors out-of-band (passive only) or inline? The aggregate performance you're going to get is going to depend on a number of factors like the configuration of the system and which rules you're running as well as the underlying hardware and the OS configuration. Without specialized hardware you're going to be hard pressed to get that kind of performance out of two machines.

You could build a machine to try to hit those performance levels combining high performance systems hardware (core 2 duo/xeons, for example) and accelerators like those from Endace, but don't forget about the backend that's going to be required to manage the data the sensors produce and manage their configuration, etc.

We have multi-gig appliances at Sourcefire if you're looking for prebuilt systems, check it out if you're interested.

-Marty

On Sep 4, 2006, at 8:29 PM, rna wrote:

> Hi,
>
> I'm looking forward to using snort with a big security project. There is a requirement of "4 gb/s throughput for the IDS system" which should be based on 2 (snort) sensors.
>
> Now these questions arise: is snort the right IDS here, and what hardware should be used to reach 4gb/s throughput of the system?
>
> Best regards
> Marcus

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort throughput rna (Sep 04)
- Re: snort throughput Martin Roesch (Sep 04)
- <Possible follow-ups>
- Re: snort throughput Michael Scheidell (Sep 05)