[Snort-users] Fastest performing snort box.

Fabio Pietrosanti naif at ...218...
Fri Aug 25 04:11:25 EDT 2000


I Think you should use a toplayer switch, that operate at level 7 to
configure various spanning port based on src/dst ip/port and use  more
than one box, or buy an IBM S80 with 24 processor and 12gb of memory :P


Pietrosanti  Fabio          I.NET SpA, High Quality Access to the Internet
e-mail:  naif at ...218...		( Direzione Tecnica, Gruppo Firewall )
         firewall at ...218...
PGP Key (DSS) 				http://naif.itapac.net/naif.asc

Home Page URL:            http://www.inet.it
Sede:                     Via Caldera, 21 20153 Milano
Tel:                      02-409061 Fax: 02-40906303
 --
Free advertising: www.openbsd.org - Multiplatform Ultra-secure OS


On Thu, 24 Aug 2000, Joe Magee wrote:

> Our minimum speed requirments are OC-3 up to an DS/OC-12.
> 
> ---------- Original Message ----------------------------------
> From: Steve Shockley <Steve.Shockley at ...380...>
> Date: Thu, 24 Aug 2000 15:30:01 -0400
> 
> >I run Snort to monitor a 512k frac-T1 (one box) and another to monitor both
> >a full FR T1 and the traffic going into the inside of my firewall (so if
> >somebody inside tries something sneaky on someone else I know about it).
> >Both are running on two Dell Latitude CPi D266 laptops in a dock (PCI
> >3com-based NIC) with OpenBSD 2.7 snapshot.  (Base 2.7 had problems with some
> >Cardbus cards.)  I hardly ever see the load shoot up on them, even with X
> >running.  I used the laptops because they were laying around from
> >downsizing, and they don't need an external monitor or take up much
> >server-room space.  Best of all, it looks cool to see a bunch of machines
> >sitting around running 'xlock -mode matrix'... <g>
> >
> >
> >-----Original Message-----
> >From: Joe Magee [mailto:me at ...297...]
> >Sent: Wednesday, August 23, 2000 4:02 PM
> >To: Snort-Users
> >Subject: [Snort-users] Fastest performing snort box.
> >
> >
> >I'm currently looking to deploy a backend IDS for my ISP. I need to know the
> >best hardware architecture that snort can run the fastest on. If I where to
> >budget $4000 to each snort box, What would be the "dream system" to run it
> >on.
> >
> >If I was to stay with the notion that the Pentium line would be best bang
> >for the buck, what would be the fastest underlying OS to run snort on under
> >the i386 chipset? 
> >Would OpenBSD be the fastest? 
> >How does it compare to say Mandrake?
> >
> >Thanks all!!
> >
> >Joe Magee <me at ...297...>
> >PCMedix Network Integration
> >
> >
> >_______________________________________________
> >Snort-users mailing list
> >Snort-users at lists.sourceforge.net
> >http://lists.sourceforge.net/mailman/listinfo/snort-users
> >_______________________________________________
> >Snort-users mailing list
> >Snort-users at lists.sourceforge.net
> >http://lists.sourceforge.net/mailman/listinfo/snort-users
> >
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
> 
> 




More information about the Snort-users mailing list