Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort and high performance networks

From: Christopher Rapier <rapier () psc edu>
Date: Thu, 20 May 2004 12:31:38 -0400

On May 20, 2004, at 11:45 AM, Kreimendahl, Chad J wrote:



Well, I'm sure there is a system out there that can handle this, but my
question would be:  How in the world do you expect to get a 30GBps
connection pumped to unix/win machine?   Assuming Cisco device, you
might be able to pump 2 SPANS (at 1G each) to a sensor...   The other
two should be no problem... But that 30G on a single device... Rough
one.
Well, the 30GB is really just an example of the size of the networks I have to deal with. I don't actually think we can do much for that network Maybe after it gets broken up to different subnets inside of our network though. Anyway, the question was really about what the limits of snort are in terms of how much data it can handle assuming we can get that much data to it. Even with a minimal rule set on a fast unix box I wonder what we can pull off.
I think other people out there must have run across using snort on higher speed links (say 600 to 800Mbps) and I wonder what sort of problems they've encountered and if their solutions might scale up to even higher speeds. 



-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: