[Snort-users] Snort and high performance networks

Kreimendahl, Chad J Chad.Kreimendahl at ...4716...
Thu May 20 08:46:02 EDT 2004


Well, I'm sure there is a system out there that can handle this, but my
question would be:  How in the world do you expect to get a 30GBps
connection pumped to unix/win machine?   Assuming Cisco device, you
might be able to pump 2 SPANS (at 1G each) to a sensor...   The other
two should be no problem... But that 30G on a single device... Rough
one. 

-----Original Message-----
From: Christopher Rapier [mailto:rapier at ...11836...] 
Sent: Thursday, May 20, 2004 10:13 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort and high performance networks

We have a number of networks coming into out facility that I'm 
interested in monitoring with snort. The problem is that these networks 
are big. Really big. One of them is 30GBits (3 lambdas over dwdm). The 
smaller ones are OC48, 802.11ad bonded GigE, and so forth. My question 
is how much (in whatever terms you wish to use) can snort be reasonably 
expected to handle?

If anyone can point me to resources related to snort/bro/whatever in 
high performance networks I'd sure appreciate it.

Chris



-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.

Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list