IDS mailing list archives

RE: IDS on VPN-GW

From: "Rob Shein" <shoten () starpower net>
Date: Mon, 2 Dec 2002 18:31:38 -0500

How well did Snort keep up, however?  I can't believe it wasn't missing
packets at that point...

-----Original Message-----
From: Keith T. Morgan [mailto:keith.morgan () terradon com] 
Sent: Monday, December 02, 2002 10:05 AM
To: counter.spy () gmx de
Cc: focus-ids () securityfocus com
Subject: RE: IDS on VPN-GW

We've deployed this scenario on Linux + Free S/Wan running snort on all
physical interfaces and all ipsecX interfaces for folks.  The fastest
wire-speed we've had on one of these deployments is T1, and a PIII450
has handled VPN traffic at wirespeed even with the added load of snort.
Sorry I don't have any higher-bandwidth benchmarks for you.

-----Original Message-----
From: counter.spy () gmx de [mailto:counter.spy () gmx de]
Sent: Friday, November 29, 2002 4:20 AM
To: focus-ids () securityfocus com
Subject: IDS on VPN-GW

Hi folks,
I have recently tested snort on a vpn-gateway that runs on linux (just
for testing purposes, no productive server).

Current thread:

Re: IDS on VPN-GW Mike Lyman (Dec 01)
- <Possible follow-ups>
- RE: IDS on VPN-GW Keith T. Morgan (Dec 02)
  - RE: IDS on VPN-GW Rob Shein (Dec 03)
- RE: IDS on VPN-GW counter . spy (Dec 04)
  - RE: IDS on VPN-GW Mike Lyman (Dec 05)
- RE: IDS on VPN-GW Keith T. Morgan (Dec 05)