[Snort-devel] using snort for an IDS/IPS appliance

matan monitz mmonitz at ...2499...
Tue Apr 5 08:00:00 EDT 2011


http://www.sourcefire.com/resources/sourcefire-3d9900-sensor

On Tue, Apr 5, 2011 at 2:43 PM, d a <xstoneheartx at ...398...> wrote:

>  Hi every body,
>
> We have a pilot project to develop a primary appliance for 10 Gbps IPS/IDS.
> We want to use snort-2.9 as its detection engine and there is no limitation
> in hardware features (RAM: 24GB or more if is needed – CPU: Intel core i7
> 965 or more if is needed ….)
>
> Now, there is an elementary question: Can snort be used for 10Gbps traffic
> rate? I know that snort performance depends on hardware features, number of
> enabled rules, preprocessors,… . But with the assumption of the simplest
> state, no limitation in hardware, using just signature based detection, how
> many rules approximately could be enabled to reach protection of 10 Gbps
> traffic?
>
>
>
> I have no idea about the possibility of using snort for this rate of
> traffic, but if it’s impossible in any way, do you think developing a
> hardware accelerator for pattern matching unit of snort or using multi snort
> sensors and breaking traffic between them can solve this problem?
>
>
>
> ------------------------------------------------------------------------------
> Xperia(TM) PLAY
> It's a major breakthrough. An authentic gaming
> smartphone on the nation's most reliable network.
> And it wants your games.
> http://p.sf.net/sfu/verizon-sfdev
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20110405/93b4eef3/attachment.html>


More information about the Snort-devel mailing list