[Snort-users] Fastest performing snort box.

Steve Shockley Steve.Shockley at ...378...
Thu Aug 24 15:30:01 EDT 2000

I run Snort to monitor a 512k frac-T1 (one box) and another to monitor both
a full FR T1 and the traffic going into the inside of my firewall (so if
somebody inside tries something sneaky on someone else I know about it).
Both are running on two Dell Latitude CPi D266 laptops in a dock (PCI
3com-based NIC) with OpenBSD 2.7 snapshot.  (Base 2.7 had problems with some
Cardbus cards.)  I hardly ever see the load shoot up on them, even with X
running.  I used the laptops because they were lying around from
downsizing, and they don't need an external monitor or take up much
server-room space.  Best of all, it looks cool to see a bunch of machines
sitting around running 'xlock -mode matrix'... <g>

-----Original Message-----
From: Joe Magee [mailto:me at ...297...]
Sent: Wednesday, August 23, 2000 4:02 PM
To: Snort-Users
Subject: [Snort-users] Fastest performing snort box.

I'm currently looking to deploy a backend IDS for my ISP. I need to know the
best hardware architecture that snort can run the fastest on. If I were to
budget $4000 to each snort box, what would be the "dream system" to run it

If I was to stay with the notion that the Pentium line would be best bang
for the buck, what would be the fastest underlying OS to run snort on under
the i386 chipset? 
Would OpenBSD be the fastest? 
How does it compare to say Mandrake?

Thanks all!!

Joe Magee <me at ...297...>
PCMedix Network Integration

