[Snort-users] OS Choice - No Flame War!
erek at ...577...
Sun Sep 9 07:50:03 EDT 2001
On Sun, 9 Sep 2001 gary.smith at ...3189... wrote:
> Without wishing to start some sort of Jihad/Flame War (_please_ take note)
Damn, And I like those candies! Hard and Chewy, but spicy! ;-P
> can someone give me an objective comparison of Snort on the various
Ugh... You're asking a tough one...
> Everyone will have their own personal favourites and thats fine by me, but
> I'm looking to make a long term decision on probe OS and I'd rather that
> wasn't made on the back of a "use RedHat because I like it" post.
> An objective Win32 vs. *NIX comparison followed by a best *NIX would be
I can't and won't speak for M$. I don't use it, so I have no real clue to
*NIXs: I've not built sensors on every single platform. I've not used every
single *nix. So I'm not speaking for every one of them... What I have found
is the *nixes with the better TCP/IP stacks are usually your winners. *BSD
seems to be the fastest, most stable stack. Personally, I like OpenBSD as a
sensor platform. Stable, solid, and you can get a nice custom kernel for a
rather tight little box. Next, It's a toss-up between Linux variants. The
newer 2.4 kernel helped out quite a bit on stability and robustness, but I'm
still not ready to put Linux into a production setup. And then you have the
tank: Solaris. Turn it on, point it in a direction, move outa the way and
just let it run. In a test lab, I've had Solaris handling a sustained 25mb on
a 100mb segment. (No, I know that's not a lot, but it was all I could push!
> I use or have used Windows2000, NT, HP-UX, AIX, Solaris, Mandrake, RedHat,
> Caldera. They are all good operating systems in their own way. Comparisons
> are only valid when discussing equivalent skilled administrators on both
> platforms. I have seen *NIX boxes that were wide open in comparison to NT
> boxes I have hardened (and vice versa).
Disclaimer noted and understood. It all depends on the admin at the keyboard.
A comptent admin makes _all_ the difference. Use the right OS for the job,
just be sure you've got a good admin for that OS. :)
More information about the Snort-users