[Snort-users] Recommended hardware for running snort in packet logging mode on home network proxy?

John Michael Kane johnmkane05 at ...11827...
Fri Mar 22 20:35:05 EDT 2013


I want to position a squid proxy in between my home PCs and my ISP-supplied
broadband modem/router, probably running some version of Debian. What would
be the recommend hardware spec for running this with snort in
packet-logging (to file) mode (and does the IDS functionality still work
while packet logging is enabled?) bearing in mind it's just a home network
with about 7-8 devices max connecting at any one time.

Also would I experience much of an increase in latency on my connected
devices by adding this extra hop? Most demanding network activity would
probably be HD streaming between a DLNA server and client machine.

Also I'd probably want to allow both wired and WiFi connections into this
proxy from the PCs (with a single outgoing wired connection direct to the
modem). Can snort monitor two incoming network adapters, one WiFI one
ethernet? Or it could just monitor the outgoing ethernet connection I guess?

Thanks for any pointers in the above three areas.
