Snort mailing list archives

Re: high speed snorting


From: "Simon E. Devlin" <simon.devlin () kremlin-computing com>
Date: Thu, 2 Aug 2001 20:07:33 +0100

I don’t have any experience of such a box, but have played with a Toplayer (http://www.toplayer.com/) switch that 
allows load-balancing of incoming frames across multiple IDSs (typically Realsecure, but I don't see why it wouldn't 
work with Snort).  The product (well, its interface) is still a little immature, but has got real scope.

If money's not too much of a problem (they're about 15K USD), that might be a way to split the job up into more 
realistic chunks if you can't find a box up to the job.  They do a s/w package called securewatch that consolidates the 
data gained from the different appswitches, which looks good on paper, but which I've not actually used.

Hope this is of some help, even if it's not quite what you asked.

- - - - -

Christian said,

Hey there, 


is there anyone out there who has tried snorting at sustained speeds of 
1Gbps? If so, please point me to the article, site, person.. I'd like to 
trade thoughts on implementing and sustaining such a beast. 


Thanks, 
Chris 



