[Snort-users] Fastest performing snort box.

Nathan Carey ncarey at ...368...
Wed Aug 23 21:39:19 EDT 2000


I read a report a while ago debating the performance of OS's with NFR. BSD
came out way ahead using the same hardware, with negligable differences
between OpenBSD and FreeBSD. Solaris was pretty quick too, with Linux
definitely behind in high-performance roles. I don't think the distribution
matters, the main difference seemed to be in the implementation of the
filters (I think it was libpcap based) on the OS. From memory, BSD came out
ahead because they could use bpf with libpcap. Please, anyone correct me if
I'm wrong here - it was a while ago.

Nathan Carey

----- Original Message -----
From: "Joe Magee" <me at ...297...>
To: "Snort-Users" <snort-users at lists.sourceforge.net>
Sent: Thursday, August 24, 2000 6:01 AM
Subject: [Snort-users] Fastest performing snort box.


> I'm currently looking to deploy a backend IDS for my ISP. I need to know
the best hardware architecture that snort can run the fastest on. If I where
to budget $4000 to each snort box, What would be the "dream system" to run
it on.
>
> If I was to stay with the notion that the Pentium line would be best bang
for the buck, what would be the fastest underlying OS to run snort on under
the i386 chipset?
> Would OpenBSD be the fastest?
> How does it compare to say Mandrake?
>
> Thanks all!!
>
> Joe Magee <me at ...297...>
> PCMedix Network Integration
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
>




More information about the Snort-users mailing list