[Snort-devel] using snort for an IDS/IPS appliance

d a xstoneheartx at ...398...
Wed Apr 6 05:51:31 EDT 2011


Hi,

Do all these mean that snort2-9 can be used for protecting 10Gbps traffic rate 
without need to use parallel snort sensors and breaking (splitting) traffic 
between them? Can a single snort engine handle this rate? If yes, so still with 
the assumption of no limitation in hardware and simplest configuration, how many 
rules approximately can be enabled to handle this rate with acceptable packet 
drops rate, acceptable CPU usage,…?
The reason that I insist on this topic is because what I found in documents and 
papers about snort performance and supported rate, all were about less that 
1Gbps and there were some solutions to develop a hardware accelerator for snort 
to support 10Gbps rate.
 
Thank you very much for your helps.




________________________________
From: Nigel Houghton <nhoughton at ...402...>
To: d a <xstoneheartx at ...398...>
Cc: matan monitz <mmonitz at ...2499...>; snort-devel at lists.sourceforge.net
Sent: Tue, April 5, 2011 7:49:53 PM
Subject: Re: [Snort-devel] using snort for an IDS/IPS appliance

On Tue, 5 Apr 2011 07:37:38 -0700 (PDT), d a wrote:
> I know that sourcefire has a product for this purpose but that is a 
> commercial product while what we want to do is not a commercial 
> project it's an experimental and research project and as far as I  
> know sourcefire is using another generation of snort (3D) for their 
> appliance not exclusively snort2-9  software.

The Snort that is on a Sourcefire appliance is the same Snort that you 
can download from snort.org. There is no "special Snort".

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20110406/ea8c5f92/attachment.html>


More information about the Snort-devel mailing list