Snort mailing list archives
Re: OS options to monitor traffic over a 1GiB and 10 GiB
From: livio Ricciulli <livio () metaflows com>
Date: Tue, 03 Jul 2012 11:28:46 -0700
Waldo is right; however, we should NOT throw away quantitative analysis and give up. If you understand the different dimensions of sensitivity, you can easily do quantitative experiments to say configuration A is better than configuration B given the same traffic and the same rules (for example). So, as Waldo says, plain absolute numbers are usually not very meaningful, but relative numbers are very, very important.

I would love to see someone do a relative comparison of BSD vs. Linux using PF_RING and identical configurations and identical traffic.

Livio.

On 07/02/2012 10:23 PM, waldo kitty wrote:
> On 7/2/2012 01:45, C. L. Martinez wrote:
> > Many thanks to all for your answers ... From hardware side I think I have got all pretty clear, but my question is about SO to use: BSD or Linux distro ... According to your answers, most people use Linux distro with PF_RING, but nobody has tried to use FreeBSD or OpenBSD to accomplish this??
>
> the key here is to test for what suits your network's needs... while you might have a 100MB feed, the traffic might not need as much monitoring machine as other 100MB feeds... it all depends on the traffic and the rules that are enabled... generally speaking, the more rules enabled, the more muscle your monitoring machine(s) need...
>
> there is no hard and fast rule... every network and ISP provider are different... you have to test, and tune your IDS/IPS solution to your network... period... sorry if that sounds "harsh" but it is one of the basic truths of IDS/IPS integration...
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats.
> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!