[Snort-users] GIG IDS

Michael Scheidell scheidell at ...5171...
Tue Sep 12 08:30:06 EDT 2006


You may need a commercial system to keep up, or at least one box per
connection.
If you have a lot of 'small' < 64 byte packets, you might forget the
pizza box.
(run ntop on a sniffer link for a week and see)
 
The backplane on most 'pizza boxes' is 3.2Gbs max., and two
bidirectional 1GB pipes would be, well, more than the available
backplane bandwidth.
 
 

	-----Original Message-----
	From: snort-users-bounces at lists.sourceforge.net [mailto:snort-users-bounces at lists.sourceforge.net] On Behalf Of Marc Appelbaum
	Sent: Tuesday, September 12, 2006 8:24 AM
	To: snort-users at lists.sourceforge.net
	Subject: [Snort-users] GIG IDS
	
	
	I'm looking for any insight into successful gigabyte Snort
	deployments.  My network is a huge multi-gigabyte environment.  Most of
	the connections to my firewalls are gig.  My Internet connections are
	mostly dual OC-12s.
	
	I'm thinking about using a high end Linux with say Red Hat 4 or
	FreeBSD with at least 4 GB RAM with a Dual Core Intel CPU.
	 
	 
	Any advice is very welcome.
	
	--Marc
	
