[Snort-devel] using snort for an IDS/IPS appliance
xstoneheartx at ...398...
Tue Apr 5 07:43:19 EDT 2011
Hi every body,
We have a pilot project to develop a primary appliance for 10 Gbps IPS/IDS. We
want to use snort-2.9 as its detection engine and there is no limitation in
hardware features (RAM: 24GB or more if is needed – CPU: Intel core i7 965 or
more if is needed ….)
Now, there is an elementary question: Can snort be used for 10Gbps traffic rate?
I know that snort performance depends on hardware features, number of enabled
rules, preprocessors,… . But with the assumption of the simplest state, no
limitation in hardware, using just signature based detection, how many rules
approximately could be enabled to reach protection of 10 Gbps traffic?
I have no idea about the possibility of using snort for this rate of traffic,
but if it’s impossible in any way, do you think developing a hardware
accelerator for pattern matching unit of snort or using multi snort sensors and
breaking traffic between them can solve this problem?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel