Snort mailing list archives
Re: Snort Install
From: Jack Pepper <pepperjack () afferentsecurity com>
Date: Wed, 02 Dec 2009 07:24:26 -0600
Quoting Biggs Darklighter <jedi_darklighter () hotmail com>:
on this network and am wondering if this would be a good machine to use? any suggestions would be very helpful. I have never used and have not installed snort as of yet due to lack of working computers (4) lying
The hardware you describe is sufficient for the sensor. Beyond "sufficient", let's be clear about a couple things:

- if your ruleset is poorly tuned or badly deployed, no amount of hardware will be sufficient.
- you must learn to run everything you need, then turn off everything else.

I personally run a bunch of snort boxes on our satellite campuses ( less than 10 PCs ) on AMD Geode (Soekris) machines with 512mb ram, no disks, and the full ruleset.

The reason you can't find anything about recommended sizing is that it doesn't matter. Rule tuning matters. Deployment matters. Everything else is just noise.

jp

--
Framework? I don't need no stinking framework!
----------------------------------------------------------------
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com