RE: Re[2]: performance snort question

[Thomas Whipp <tkw () objectronix co uk>]

and of course you need to know what ruleset/pre-processors
you are using... I haven't done any serious benchmarking
(all me sensors have a lot of headroom just now).

Anyone have any thoughts as to a "minimal" ruleset - perhaps
<100 rules and concentrating on actual attacks and generic
rules (such as the x86 NOOP rule)?

        Tom

> -----Original Message-----
> From: Lee Smallbone [mailto:lee () smallbone com]
> Sent: 19 June 2001 09:58
> To: Snort-users () lists sourceforge net
> Subject: Re[2]: [Snort-users] performance snort question
>
>
> Tuesday, June 19, 2001, 8:44:42 AM, you wrote:
>
> EHS> I haven't seen an answer to Roeland's questions so
far.  I am
> EHS> currently considering building a snort box wich
should be able to
> EHS> withstand a saturated 100mbps in worst-case, and have

> been unable to
> EHS> find even the slightest hint on what hardware 
> requirement would be
> EHS> needed to do that.
>
>  The author seems fairly sure that a 486 should be able to
keep up
>  with a 100mbit/s link. I'd go one step further and use
the following
>  configuration so I know it would be there if it was
needed:
>                o) old pentium of some sort (P90/100)
>                o) 32-64mb ram
>                o) Large disk to cope with logs (pref SCSI
or ATA100)
>                o) Decent, trusted 100mbit/s NIC
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users