[Snort-users] GIG IDS

Matt Jonkman mjonkman at ...12231...
Tue Sep 12 08:51:07 EDT 2006


I was just putting this story up at bleeding snort:

http://www.bleedingsnort.com/article.php?story=20060912082537189

Sensory networks has a hardware acceleration card that may be of
particular interest. I'm looking into using it myself :)

Matt


Michael Scheidell wrote:
> you may need a commercial system to keep up, or at least one box per
> connection.
> If you have a lot of 'small' < 64 byte packets, you might forget the
> pizza box.
> (run ntop on a sniffer link for a week and see)
>  
> The backplane on most 'pizza bozes' is 3.2Gbs max., and two
> bidirectional 1GB pipes would be, well, more than the available
> backplane bandwidth.
>  
>  
> 
>     -----Original Message-----
>     *From:* snort-users-bounces at lists.sourceforge.net
>     [mailto:snort-users-bounces at lists.sourceforge.net] *On Behalf Of
>     *Marc Appelbaum
>     *Sent:* Tuesday, September 12, 2006 8:24 AM
>     *To:* snort-users at lists.sourceforge.net
>     *Subject:* [Snort-users] GIG IDS
> 
>     I'm looking for any insight into successful gigabyte Snort
>     deployments.  My network is huge multi-gigabyte environment.  Most
>     of the connections to my firewalls are gig.  My Intenet connections
>     are mostly dual OC-12s.
> 
>     I'm thinking about using a high end Linux with say Red Hat 4 or
>     FreeBSD with at least 4 GB RAM with a Dual Core Intel CPU.
>      
>      
>     Any advice is very welcome.
> 
>     --Marc
> 
> 
> ------------------------------------------------------------------------
> 
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
--------------------------------------------
Matthew Jonkman, CISSP
Senior Security Engineer
Infotex
765-429-0398 Direct Anytime
765-448-6847 Office
866-679-5177 24x7 NOC
http://my.infotex.com
http://www.infotex.com
http://www.bleedingsnort.com
--------------------------------------------






More information about the Snort-users mailing list