[Snort-devel] using snort for an IDS/IPS appliance
xstoneheartx at ...398...
Wed Apr 6 05:51:31 EDT 2011
Do all these mean that snort2-9 can be used for protecting 10Gbps traffic rate
without need to use parallel snort sensors and breaking (splitting) traffic
between them? Can a single snort engine handle this rate? If yes, so still with
the assumption of no limitation in hardware and simplest configuration, how many
rules approximately can be enabled to handle this rate with acceptable packet
drops rate, acceptable CPU usage,…?
The reason that I insist on this topic is because what I found in documents and
papers about snort performance and supported rate, all were about less that
1Gbps and there were some solutions to develop a hardware accelerator for snort
to support 10Gbps rate.
Thank you very much for your helps.
From: Nigel Houghton <nhoughton at ...402...>
To: d a <xstoneheartx at ...398...>
Cc: matan monitz <mmonitz at ...2499...>; snort-devel at lists.sourceforge.net
Sent: Tue, April 5, 2011 7:49:53 PM
Subject: Re: [Snort-devel] using snort for an IDS/IPS appliance
On Tue, 5 Apr 2011 07:37:38 -0700 (PDT), d a wrote:
> I know that sourcefire has a product for this purpose but that is a
> commercial product while what we want to do is not a commercial
> project it's an experimental and research project and as far as I
> know sourcefire is using another generation of snort (3D) for their
> appliance not exclusively snort2-9 software.
The Snort that is on a Sourcefire appliance is the same Snort that you
can download from snort.org. There is no "special Snort".
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel