[Snort-users] OS Choice - No Flame War!

Erek Adams erek at ...577...
Sun Sep 9 07:50:03 EDT 2001

On Sun, 9 Sep 2001 gary.smith at ...3189... wrote:

> Without wishing to start some sort of Jihad/Flame War (_please_ take note)

Damn, and I like those candies!  Hard and Chewy, but spicy! ;-P

> can someone give me an objective comparison of Snort on the various
> platforms?

Ugh...  You're asking a tough one...

> Everyone will have their own personal favourites and that's fine by me, but
> I'm looking to make a long term decision on probe OS and I'd rather that
> wasn't made on the back of a "use RedHat because I like it" post.
> An objective Win32 vs. *NIX comparison followed by a best *NIX would be
> great.

I can't and won't speak for M$.  I don't use it, so I have no real clue to
offer there.

*NIXs:  I've not built sensors on every single platform.  I've not used every
single *nix.  So I'm not speaking for every one of them...  What I have found
is the *nixes with the better TCP/IP stacks are usually your winners.  *BSD
seems to be the fastest, most stable stack.  Personally, I like OpenBSD as a
sensor platform.  Stable, solid, and you can get a nice custom kernel for a
rather tight little box.  Next, it's a toss-up between Linux variants.  The
newer 2.4 kernel helped out quite a bit on stability and robustness, but I'm
still not ready to put Linux into a production setup.  And then you have the
tank:  Solaris.  Turn it on, point it in a direction, move outa the way and
just let it run.  In a test lab, I've had Solaris handling a sustained 25mb on
a 100mb segment.  (No, I know that's not a lot, but it was all I could push!)

> <disclaimer>
> I use or have used Windows2000, NT, HP-UX, AIX, Solaris, Mandrake, RedHat,
> Caldera.  They are all good operating systems in their own way.  Comparisons
> are only valid when discussing equivalent skilled administrators on both
> platforms.  I have seen *NIX boxes that were wide open in comparison to NT
> boxes I have hardened (and vice versa).
> </disclaimer>

Disclaimer noted and understood.  It all depends on the admin at the keyboard.
A competent admin makes _all_ the difference.  Use the right OS for the job,
just be sure you've got a good admin for that OS.  :)

Erek Adams

