From: Subba Rao (subba9home.com)
Date: Mon Jul 30 2001 - 05:39:59 CDT
On 0, Dan Bunge <dbungecostco.com> wrote:
> It really all depends on how much traffic you're throwing at it.
> The only real performance gains we found of running snort on openbsd were at
> the 200Mb/s+ range,
> and it wasn't really that significant anyway.
> Besides, if you've got that much bandwidth at your front door, get yourself
> a proven commercially supported product.
> Snort's a cool toy for home use, and it's great to have in the test lab, but
> I'd never deploy it for production use in the enterprise. Not just yet.
> If you're just trying to find something to put down on your cable modem, use
> whatever OS you're comfortable with.
> You won't see any gain between the two at that low level of bandwidth.
> > The choice of the underlying OS that Snort will run on, is bothering me a
> > bit.
> > I see several threads talking about Snort on OpenBSD. Where does OpenBSD's
> > performance surpass Linux for using it as a Snort box? Regarding the security
> > features of the OS, both (OpenBSD and Linux) systems could be equally
> > fortified.
> > What are the measurable improvements for using Snort on OpenBSD, instead of
> > Linux?
> > Thank you in advance for any info.
I disagree that Snort is a toy for home use only. That is a different
discussion, where I think we can throw in real data proving that it is a
commercial grade IDS.
My main concern is the underlying OS for Snort. Alan Cox states that the TCP/IP
stack for the kernel 2.4.x was rewritten. The drivers for high performance NICs
like 3Com/Intel seem to be current on OpenBSD and Linux. So is there something
important that I am missing about the underlying OS for Snort? (This is not a
religious war of OSs). I like and use OpenBSD and Linux with the same level of
Where are the studies that are saying that OpenBSD does not drop all the packets
on a heavy duty pipe? Or OpenBSD is x% faster than Linux for an IDS box in the
Subba Rao subba9home.com http://members.home.net/subba9/
GPG public key ID 27FC9217 Key fingerprint = 2B4C 498E 1860 5A2B 6570 5852 7527 882A 27FC 9217