Snort mailing list archives
Re: using snort for 10Gbps traffic rate
From: d a <xstoneheartx () yahoo com>
Date: Fri, 8 Apr 2011 20:39:50 -0700 (PDT)
Hi, Can the snort2-9 package be used for protecting 10Gbps traffic rate without need to use parallel snort sensors and breaking (splitting) traffic between them? Can a single snort engine handle this rate? If yes, so still with the assumption of no limitation in hardware and simplest configuration, how many rules approximately can be enabled to handle this rate with acceptable packet drops rate, acceptable CPU usage,…? The reason that I insist on this topic is because what I found in documents and papers about snort performance and its supported rate, all were about less that 1Gbps and there were some solutions to develop a hardware accelerator for it to support 10Gbps rate. Thank you very much for your helps. ________________________________ From: Nigel Houghton <nhoughton () sourcefire com> To: d a <xstoneheartx () yahoo com> Cc: matan monitz <mmonitz () gmail com>; snort-devel () lists sourceforge net Sent: Tue, April 5, 2011 7:49:53 PM Subject: Re: [Snort-devel] using snort for an IDS/IPS appliance On Tue, 5 Apr 2011 07:37:38 -0700 (PDT), d a wrote:
I know that sourcefire has a product for this purpose but that is a commercial product while what we want to do is not a commercial project it's an experimental and research project and as far as I know sourcefire is using another generation of snort (3D) for their appliance not exclusively snort2-9 software.
The Snort that is on a Sourcefire appliance is the same Snort that you can download from snort.org. There is no "special Snort". -- Nigel Houghton Head Mentalist SF VRT Department of Intelligence Excellence http://vrt-blog.snort.org/ && http://labs.snort.org/
------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- using snort for an IDS/IPS appliance d a (Apr 05)
- <Possible follow-ups>
- using snort for an IDS/IPS appliance d a (Apr 05)
- Re: using snort for an IDS/IPS appliance matan monitz (Apr 05)
- Re: using snort for an IDS/IPS appliance d a (Apr 05)
- Re: using snort for an IDS/IPS appliance Nigel Houghton (Apr 05)
- Re: using snort for an IDS/IPS appliance d a (Apr 06)
- Re: using snort for 10Gbps traffic rate d a (Apr 08)
- Re: using snort for 10Gbps traffic rate Martin Holste (Apr 08)
- SourceFire Appliance 3D9900 capabilities d a (Apr 14)
- Re: SourceFire Appliance 3D9900 capabilities Jason Wallace (Apr 14)
- Re: SourceFire Appliance 3D9900 capabilities Jeff Murphy (Apr 14)
- Re: SourceFire Appliance 3D9900 capabilities Martin Holste (Apr 14)
- Re: using snort for an IDS/IPS appliance matan monitz (Apr 05)
- Re: SourceFire Appliance 3D9900 capabilities Joel Esler (Apr 14)