[Snort-users] snort throughput
roesch at ...1935...
Mon Sep 4 21:25:54 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Are you looking to install the sensors out-of-band (passive only) or
inline? The aggregate performance you're going to get is going to
depend on a number of factors like the configuration of the system
and which rules you're running as well as the underlying hardware and
the OS configuration.
Without specialized hardware you're going to be hard pressed to get
that kind of performance out of two machines. You could build a
machine to try to hit those performance levels combining high
performance systems hardware (core 2 duo/xeons, for example) and
accelerators like those from Endace, but don't forget about the
backend that's going to be required to manage the data the sensors
produce and manage their configuration, etc.
We have multi-gig appliances at Sourcefire if you're looking for
prebuilt systems, check it out if you're interested.
On Sep 4, 2006, at 8:29 PM, rna wrote:
> i'm lookin forward to use snort with a big security project. There
> is a
> requirement of "4 gb/s throughput for the IDS system" which should be
> based on 2 (snort) sensors. now those questions arise: is snort the
> right ids here and with what hardware should be used to reach 4gb/s
> throughput of the system ?
> Best regards
> Using Tomcat but need to do more? Need to support web services,
> Get stuff done quickly with pre-integrated technology to make your
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
-----END PGP SIGNATURE-----
More information about the Snort-users