Snort did not drop any packets. It handled T1 speed (mostly VPN traffic) just fine. Again, I haven't tested this on 100Mb or even 10Mb segments. At some point, I might perform some benchmarking on faster links, but unfortunately, I don't have time at the moment.
-----original message-----
>How well did Snort keep up, however? I can't believe it wasn't missing
>packets at that point...
>
>>-----Original Message-----
>>From: Keith T. Morgan [mailto:keith.morgan_at_terradon.com]
>>Sent: Monday, December 02, 2002 10:05 AM
>>To: counter.spy_at_gmx.de
>>Cc: focus-ids_at_securityfocus.com
>>Subject: RE: IDS on VPN-GW
>>
>>
>>We've deployed this scenario on Linux + Free S/Wan running snort on all
>>physical interfaces and all ipsecX interfaces for folks. The fastest
>>wire-speed we've had on one of these deployments is T1, and a PIII450
>>has handled VPN traffic at wirespeed even with the added load of snort.
>>Sorry I don't have any higher-bandwidth benchmarks for you.
>>
>>
>>-----Original Message-----
>>From: counter.spy_at_gmx.de [mailto:counter.spy_at_gmx.de]
>>Sent: Friday, November 29, 2002 4:20 AM
>>To: focus-ids_at_securityfocus.com
>>Subject: IDS on VPN-GW
>>
>>
>>>Hi folks,
>>>I have recently tested snort on a vpn-gateway that runs on linux (just
>>>for testing purposes, no productive server).
>>>
...
Received on Dec 05 2002