[Snort-users] RE: IDS Load Balancer

Richard Bejtlich taosecurity at ...11827...
Mon Feb 27 05:51:02 EST 2006


Angel R wrote:

>     I'm going to start a project to implement an end to end IDS solution in a data
> center. My problem is that high traffic rate in the data center leads me to use
> an load balancer to balance the traffic to multiple Snort servers. I'll be thankful
> if you help me to find a proper [including commercial] solution.

Hello,

You can build a simple traffic inspection splitter using commodity
hardware and the Pf firewall.  I explain it in my book Extrusion
Detection (www.extrusiondetection.com).  An excerpt, published on my
blog, demonstrates the idea:

http://taosecurity.blogspot.com/2005/07/distributed-traffic-collection-with-pf.html

Sincerely,

Richard




More information about the Snort-users mailing list