[Snort-users] snort throughput

Martin Roesch roesch at ...1935...
Mon Sep 4 21:25:54 EDT 2006

Hash: SHA1

Hi Marcus,

Are you looking to install the sensors out-of-band (passive only) or  
inline?  The aggregate performance you're going to get is going to  
depend on a number of factors like the configuration of the system  
and which rules you're running as well as the underlying hardware and  
the OS configuration.

Without specialized hardware you're going to be hard pressed to get  
that kind of performance out of two machines.  You could build a  
machine to try to hit those performance levels combining high  
performance systems hardware (core 2 duo/xeons, for example) and  
accelerators like those from Endace, but don't forget about the  
backend that's going to be required to manage the data the sensors  
produce and manage their configuration, etc.

We have multi-gig appliances at Sourcefire if you're looking for  
prebuilt systems, check it out if you're interested.


On Sep 4, 2006, at 8:29 PM, rna wrote:

> Hi,
> i'm lookin forward to use snort with a big security project. There  
> is a
> requirement of "4 gb/s throughput for the IDS system" which should be
> based on 2  (snort) sensors. now those questions arise: is snort the
> right ids here and with what hardware should be used to reach 4gb/s
> throughput of the system ?
> Best regards
> Marcus
> ---------------------------------------------------------------------- 
> ---
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org

Version: GnuPG v1.4.1 (Darwin)


More information about the Snort-users mailing list