Snort mailing list archives

Re: GIG IDS

From: Matt Jonkman <mjonkman () infotex com>
Date: Tue, 12 Sep 2006 08:51:07 -0400

I was just putting this story up at bleeding snort:

http://www.bleedingsnort.com/article.php?story=20060912082537189

Sensory networks has a hardware acceleration card that may be of
particular interest. I'm looking into using it myself :)

Matt


Michael Scheidell wrote:

you may need a commercial system to keep up, or at least one box per
connection.
If you have a lot of 'small' < 64 byte packets, you might forget the
pizza box.
(run ntop on a sniffer link for a week and see)
 
The backplane on most 'pizza bozes' is 3.2Gbs max., and two
bidirectional 1GB pipes would be, well, more than the available
backplane bandwidth.
 
 

    -----Original Message-----
    *From:* snort-users-bounces () lists sourceforge net
    [mailto:snort-users-bounces () lists sourceforge net] *On Behalf Of
    *Marc Appelbaum
    *Sent:* Tuesday, September 12, 2006 8:24 AM
    *To:* snort-users () lists sourceforge net
    *Subject:* [Snort-users] GIG IDS

    I'm looking for any insight into successful gigabyte Snort
    deployments.  My network is huge multi-gigabyte environment.  Most
    of the connections to my firewalls are gig.  My Intenet connections
    are mostly dual OC-12s.

    I'm thinking about using a high end Linux with say Red Hat 4 or
    FreeBSD with at least 4 GB RAM with a Dual Core Intel CPU.
     
     
    Any advice is very welcome.

    --Marc


------------------------------------------------------------------------

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642


------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
--------------------------------------------
Matthew Jonkman, CISSP
Senior Security Engineer
Infotex
765-429-0398 Direct Anytime
765-448-6847 Office
866-679-5177 24x7 NOC
http://my.infotex.com
http://www.infotex.com
http://www.bleedingsnort.com
--------------------------------------------



-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

GIG IDS Marc Appelbaum (Sep 12)
- Re: GIG IDS Joel Esler (Sep 12)
- <Possible follow-ups>
- Re: GIG IDS Michael Scheidell (Sep 12)
  - Re: GIG IDS Matt Jonkman (Sep 12)
- Re: GIG IDS Donofrio, Lewis (Sep 12)
  - Re: GIG IDS Martin Roesch (Sep 12)