[Snort-devel] using snort for an IDS/IPS appliance

d a xstoneheartx at ...398...
Tue Apr 5 10:37:38 EDT 2011


I know that sourcefire has a product for this purpose but that is a commercial 
product while what we want to do is not a commercial project it's an 
experimental and research project and as far as I  know sourcefire is using 
another generation of snort (3D) for their appliance not exclusively snort2-9  
software.




________________________________
From: matan monitz <mmonitz at ...2499...>
To: d a <xstoneheartx at ...398...>
Cc: snort-devel at lists.sourceforge.net
Sent: Tue, April 5, 2011 4:30:00 PM
Subject: Re: [Snort-devel] using snort for an IDS/IPS appliance


http://www.sourcefire.com/resources/sourcefire-3d9900-sensor


On Tue, Apr 5, 2011 at 2:43 PM, d a <xstoneheartx at ...398...> wrote:

Hi every body,
>We have a pilot project to develop a primary appliance for 10 Gbps IPS/IDS. We 
>want to use snort-2.9 as its detection engine and there is no limitation in 
>hardware features (RAM: 24GB or more if is needed – CPU: Intel core i7 965 or 
>more if is needed ….)
>Now, there is an elementary question: Can snort be used for 10Gbps traffic rate? 
>I know that snort performance depends on hardware features, number of enabled 
>rules, preprocessors,… . But with the assumption of the simplest state, no 
>limitation in hardware, using just signature based detection, how many rules 
>approximately could be enabled to reach protection of 10 Gbps traffic? 
>
> 
>I have no idea about the possibility of using snort for this rate of traffic, 
>but if it’s impossible in any way, do you think developing a hardware 
>accelerator for pattern matching unit of snort or using multi snort sensors and 
>breaking traffic between them can solve this problem?
>
>------------------------------------------------------------------------------
>Xperia(TM) PLAY
>It's a major breakthrough. An authentic gaming
>smartphone on the nation's most reliable network.
>And it wants your games.
>http://p.sf.net/sfu/verizon-sfdev
>_______________________________________________
>Snort-devel mailing list
>Snort-devel at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/snort-devel
>
>



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20110405/1a620096/attachment.html>


More information about the Snort-devel mailing list