[Snort-devel] using snort for an IDS/IPS appliance

d a xstoneheartx at ...398...
Tue Apr 5 07:43:19 EDT 2011

Hi every body,
We have a pilot project to develop a primary appliance for 10 Gbps IPS/IDS. We 
want to use snort-2.9 as its detection engine and there is no limitation in 
hardware features (RAM: 24GB or more if is needed – CPU: Intel core i7 965 or 
more if is needed ….)
Now, there is an elementary question: Can snort be used for 10Gbps traffic rate? 
I know that snort performance depends on hardware features, number of enabled 
rules, preprocessors,… . But with the assumption of the simplest state, no 
limitation in hardware, using just signature based detection, how many rules 
approximately could be enabled to reach protection of 10 Gbps traffic? 

I have no idea about the possibility of using snort for this rate of traffic, 
but if it’s impossible in any way, do you think developing a hardware 
accelerator for pattern matching unit of snort or using multi snort sensors and 
breaking traffic between them can solve this problem?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20110405/f995a63f/attachment.html>

More information about the Snort-devel mailing list