[Snort-users] Hardware suggestions

shawn . moyer shawn at ...1184...
Thu Mar 1 21:40:46 EST 2001


"Mann, Kamal (CCI-Las Vegas)" wrote:
> 
> I have a rather silly question.  I need to monitor a rather busy network
> segment, average traffic levels in the 200-230meg range.  Currently the
> Intel machine I have monitoring this segment is missing packets extremely
> badly.  Does anybody have any ideas on what hardware & os platform might be
> able to monitor this level of activity?  The major requirement is that it be
> able to support a gig-e interface.  Thanks.

I know that the Dragon IDS is capable of Gig-E -- they do this on a
Quad-Xeon box, I believe running FBSD. I think the last time this came
up no one on the list had pushed Snort or LibPcap this hard yet, so you'd
certainly be on the bleeding edge.

You may want to look into splitting things up into multiple IDSes if
this is possible (i.e. break IDS off into different boxen on each
segment).  I think the main requirement would be a box with a fast
enough backplane, so you're probably looking at Sparc, Xeon, etc. over
standard x86 hardware.




--shawn

-- 
s h a w n   m o y e r
shawn at ...1184...

Man will occasionally stumble over the truth,
but most of the time he will pick himself up and continue on.

					-- Churchill



