Snort mailing list archives
Re: Gigabit performance
From: Jack Pepper <pepperjack () afferentsecurity com>
Date: Fri, 25 Sep 2009 07:26:15 -0500
Quoting Jason Brvenik <jasonb () sourcefire com>:
I'm guessing that it is not possible to do what you are asking. You should investigate using real hardware designed for the purpose.
I would agree with Jason. There are special taps, adapters and hardware engineered for that purpose. Start here: http://netquestcorp.com if you want to build such a box. We played with this kind of tech a few years ago. It was fun and *very* educational for everyone on the project. Most hardware for this purpose will include some kind of packet analysis preprocessor on the adapter, plus the number of off the shelf network switches that can reliably mirror this level of traffic to the sensor eliminates low and mid range commodity network kit.

On the other hand, if you want to do something besides hardware engineering, take your requirements back to square one and ask, "what do I really want to achieve", then try to achieve that.

Why inline, is it really necessary?
Why snort 2.8, is it really necessary?
Why Full ... rules, that's usually never necessary.

And so on until the list contains achievable goals.
On Thu, Sep 24, 2009 at 10:39 AM, Tomás Heredia <tomas.heredia () activesec biz> wrote:

Hi all!

I know this is a many-times asked question, but I can't find any conclusive information about this scenario.

I need to use snort in inline mode, and have to know which hardware would I need to run:

- Snort 2.8.x in inline mode
- Full (or almost) rule set, including up to date VRT rules
- No DB (just text alerts)
- VMWare ESXi based (single VM on this ESXi)
- Dual gigabit ethernet, plus one for management

And support near Gigabit traffic WITHOUT any packet loss.

Does anybody have experience in a setup like this?

Thanks!

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Framework? I don't need no stinking framework!
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com
Current thread:
- Gigabit performance Tomás Heredia (Sep 24)
- Re: Gigabit performance Jason Brvenik (Sep 24)
- Re: Gigabit performance Jack Pepper (Sep 25)