From: Subba Rao (subba9home.com)
Date: Mon Jul 30 2001 - 05:39:59 CDT

    On 0, Dan Bunge <dbungecostco.com> wrote:
    >
    > It really all depends on how much traffic you're throwing at it.
    >
    > The only real performance gains we found of running snort on openbsd were at
    > the 200Mb/s+ range,
    > and it wasn't really that significant anyway.
    >
    > Besides, if you've got that much bandwidth at your front door, get yourself
    > a proven commercially supported product.
    > Snort's a cool toy for home use, and it's great to have in the test lab, but
    > I'd never deploy it for production use in the enterprise. Not just yet.
    >
    > If you're just trying to find something to put down on your cable modem, use
    > whatever OS you're comfortable with.
    > You won't see any gain between the two at that low level of bandwidth
    > utilization.
    >
    > >
    > > The choice of the underlying OS that Snort will run on, is bothering me a
    > > bit.
    > > I see several threads talking about Snort on OpenBSD. Where does OpenBSD's
    > > performance surpass Linux for using it as a Snort box? Regarding the
    > > security
    > > features of the OS, both (OpenBSD and Linux) systems could be equally
    > > fortified.
    > > What are the measurable improvements for using Snort on OpenBSD, instead
    > > of
    > > Linux?
    > >
    > > Thank you in advance for any info.
    >

    I disagree that Snort is a toy for home use only. That is a different
    discussion, where I think we can throw in real data proving that it is a
    commercial grade IDS.

    My main concern is the underlying OS for Snort. Alan Cox states that the TCP/IP
    stack for the kernel 2.4.x was rewritten. The drivers for high performance NICs
    like 3Com/Intel seem to be current on OpenBSD and Linux. So is there something
    important that I am missing about the underlying OS for Snort? (This is not a
    religious war of OSs). I like and use OpenBSD and Linux with the same level of
    importance.

    Where are the studies that are saying that OpenBSD does not drop all the packets
    on a heavy duty pipe? Or OpenBSD is x% faster than Linux for an IDS box in the
    production environment?

    -- 
    

    Subba Rao subba9home.com http://members.home.net/subba9/

    GPG public key ID 27FC9217 Key fingerprint = 2B4C 498E 1860 5A2B 6570 5852 7527 882A 27FC 9217