[Snort-users] Sizing a system for gigabit backbone

Victor Barahona victor.barahona at ...700...
Thu Nov 2 14:23:01 EST 2000

On Tuesday 31 October 2000 09:35, Archive User wrote:
>I am trying to come up with some hardware recommendations
>for a new snort IDS system I want to put on my lan. Unfortunately
>we are on a totally switched 100mbit network. I can set up a
>mirror port on one of my switches so I can link up with a
>gigabit nic and sniff the entire lan, but I am totally lost
>when it comes to sizing a snort system for this level of traffic.

I am in a similar situation with the exception that my backbone is going 
to be real gigabit. So I just can't set up a mirror port because it can be 
overloaded because mirroring a full-duplex port can reach 1Gb+1Gb of traffic 
(input/output). So it could be a temporary solution but the good one.

I heard about fiber splitters to sniff the network maintaining the network 
integrity. The question is if a simple NIC can handle full-duplex traffic 
using a splitter because the traffic will come to the NIC through reception 
and emission cables.

So, has anybody been analyzing traffic in a Gigabit full-duplex network 
without using port mirroring?

Rereading my question, it sounds to me a bit off-topic, sorry.


P.S. Sorry about my poor English.
-- 
"Alone? you are not alone, Bigbrother is watching you"

------------------------------------------------------------------------
Victor Barahona..........................http://www.utc.uam.es/~barahona
Soporte Seguridad en red.................http://www.utc.uam.es/ss
Unidad Tecnica de Comunicaciones
Universidad Autonoma de Madrid
Tlf.- 91 397 5525                                      PGP ID-0x8750AB79
------------------------------------------------------------------------
