[Snort-users] Fastest performing snort box.

Robert E. Leever bel1 at ...358...
Wed Aug 23 19:33:23 EDT 2000

Not sure if the pentiums will give you the *most* !4$.

A Sun ultra-1 model 170 with 64Megs of ram,
2G hard drive, tgx graphics card was about $3500
from ISG in Redmond, WA, in Sept of '98.
Not very fast but ...

A Sun Ultra-10 with 256M ram, 9Gig hard drive,
floppy, cd, a 440Mhz ultra-sparc-2 processor
running solaris 8 is $3943.30.
Includes the CRT and the pgx graphics card.
My company gets a deal on these, however...
you could probably work out something similar
with any sun reseller.

Sun has excellent warranty support including software,
for at least 1 year, [might be longer on the ultra].

Last benchmark I saw put the ultra-sparc quite 
a ways above the pentiums -- but that was some
time ago.

Snort runs very well on my sparc 5 [sol 2.6] model 70,
an ultra-1 mod 170's and even a really old sparc 20 
running 2.5.1 with 67 Mhz dual processors.

The sparc 5 is dog slow compared to an ultra-10
[or even the ultra-1], but it doesn't seem to have any
problem [no dropped packets] on a class C network with 
roughly 100 active systems on it.  These are all 10Mbit ethernet
drops and include some randomly assigned ip addresses for the NT
systems in the shop. [maybe 40 are active at any one time].

The ultra-1 is monitoring a class C subnet with about 150 systems
on it.  Again, no dropped packets & that's a 100Mb subnet.

This 2nd subnet has
two E5000 NFS servers [source code, compiles & home directories]
on it so there's a lot of traffic.

The sparc-5 cpu speed is only 67Mhz and it's also my desktop system,
but... it seems to be quite a bit faster than my Intel 350Mhz Celeron Win98
at home.  Apples and oranges and subjective, I know... but what the heck.

Solaris 8 [source code & all] is available & that's a *real* o/s.
It's also supposed to be faster than 2.6 [but 2.6 is pretty thoroughly
debugged and has fewer security holes - especially if you don't keep/use
the dt environment.].


