[Snort-users] advice on scaling / performance
Joseph Nicholas Yarbrough
nyarbrough at ...262...
Tue Jun 19 10:42:34 EDT 2001
I suppose I need a "We aren't idiots" disclaimer now? An IP on only one
interface, readonly cables on others, and no packet forwarding at all. Not to
mention (actually I did) netfilter rules to protect the machine. I understand
the machine I mentioned could not handle 100mbps (fully saturated) on 4
separate links. From what I read in the list archive, several people agreed a
500mhz duron with 64 megs of ram would be sufficient for a 100mbps with
"spurts" of full saturation. Is this now incorrect?
On Tuesday 19 June 2001 09:20, Jason Lewis wrote:
> You do realize with that configuration, you have created a gateway to each
> The performance thing is based on traffic and load. If you have dual
> T-3's, 500 servers and 10,000 internal clients, I don't think that box can
> keep up.
> Jason Lewis
> It's not secure "Because they told me it was secure".
> The people at the other end of the link know less
> about security than you do. And that's scary.
More information about the Snort-users