IDS mailing list archives

RE: IDS on VPN-GW

From: "Keith T. Morgan" <keith.morgan () terradon com>
Date: Thu, 5 Dec 2002 10:27:32 -0500

Snort did not drop any packets.  It handled T1 speed (mostly VPN traffic) just fine.  Again, I haven't tested his on 
100Mb or even 10Mb segments.  At some point, I might perform some benchmarking on faster links, but unfortunately, I 
don't have time at the moment.


 -----original message-----

How well did Snort keep up, however?  I can't believe it wasn't missing
packets at that point...

-----Original Message-----
From: Keith T. Morgan [mailto:keith.morgan () terradon com] 
Sent: Monday, December 02, 2002 10:05 AM
To: counter.spy () gmx de
Cc: focus-ids () securityfocus com
Subject: RE: IDS on VPN-GW

We've deployed this scenario on Linux + Free S/Wan running snort on all
physical interfaces and all ipsecX interfaces for folks.  The fastest
wire-speed we've had on one of these deployments is T1, and a PIII450
has handled VPN traffic at wirespeed even with the added load of snort.
Sorry I don't have any higher-bandwidth benchmarks for you.

-----Original Message-----
From: counter.spy () gmx de [mailto:counter.spy () gmx de]
Sent: Friday, November 29, 2002 4:20 AM
To: focus-ids () securityfocus com
Subject: IDS on VPN-GW

Hi folks,
I have recently tested snort on a vpn-gateway that runs on linux (just
for testing purposes, no productive server).

...

-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!

Current thread:

Re: IDS on VPN-GW Mike Lyman (Dec 01)
- <Possible follow-ups>
- RE: IDS on VPN-GW Keith T. Morgan (Dec 02)
  - RE: IDS on VPN-GW Rob Shein (Dec 03)
- RE: IDS on VPN-GW counter . spy (Dec 04)
  - RE: IDS on VPN-GW Mike Lyman (Dec 05)
- RE: IDS on VPN-GW Keith T. Morgan (Dec 05)