Snort mailing list archives
Re: using snort for an IDS/IPS appliance
From: d a <xstoneheartx () yahoo com>
Date: Tue, 5 Apr 2011 07:37:38 -0700 (PDT)
I know that sourcefire has a product for this purpose but that is a commercial product while what we want to do is not a commercial project it's an experimental and research project and as far as I know sourcefire is using another generation of snort (3D) for their appliance not exclusively snort2-9 software. ________________________________ From: matan monitz <mmonitz () gmail com> To: d a <xstoneheartx () yahoo com> Cc: snort-devel () lists sourceforge net Sent: Tue, April 5, 2011 4:30:00 PM Subject: Re: [Snort-devel] using snort for an IDS/IPS appliance http://www.sourcefire.com/resources/sourcefire-3d9900-sensor On Tue, Apr 5, 2011 at 2:43 PM, d a <xstoneheartx () yahoo com> wrote: Hi every body,
We have a pilot project to develop a primary appliance for 10 Gbps IPS/IDS. We want to use snort-2.9 as its detection engine and there is no limitation in hardware features (RAM: 24GB or more if is needed – CPU: Intel core i7 965 or more if is needed ….) Now, there is an elementary question: Can snort be used for 10Gbps traffic rate? I know that snort performance depends on hardware features, number of enabled rules, preprocessors,… . But with the assumption of the simplest state, no limitation in hardware, using just signature based detection, how many rules approximately could be enabled to reach protection of 10 Gbps traffic? I have no idea about the possibility of using snort for this rate of traffic, but if it’s impossible in any way, do you think developing a hardware accelerator for pattern matching unit of snort or using multi snort sensors and breaking traffic between them can solve this problem? ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- using snort for an IDS/IPS appliance d a (Apr 05)
- <Possible follow-ups>
- using snort for an IDS/IPS appliance d a (Apr 05)
- Re: using snort for an IDS/IPS appliance matan monitz (Apr 05)
- Re: using snort for an IDS/IPS appliance d a (Apr 05)
- Re: using snort for an IDS/IPS appliance Nigel Houghton (Apr 05)
- Re: using snort for an IDS/IPS appliance d a (Apr 06)
- Re: using snort for 10Gbps traffic rate d a (Apr 08)
- Re: using snort for 10Gbps traffic rate Martin Holste (Apr 08)
- SourceFire Appliance 3D9900 capabilities d a (Apr 14)
- Re: SourceFire Appliance 3D9900 capabilities Jason Wallace (Apr 14)
- Re: SourceFire Appliance 3D9900 capabilities Jeff Murphy (Apr 14)
- Re: SourceFire Appliance 3D9900 capabilities Martin Holste (Apr 14)
- Re: using snort for an IDS/IPS appliance matan monitz (Apr 05)
- Re: SourceFire Appliance 3D9900 capabilities Joel Esler (Apr 14)