|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: David Williams (dwilliamsd
gmail.com)
Date: Thu Feb 14 2008 - 19:01:27 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Yeah, I'm spiking at over 7G, average run rate during prime hours of 1
to 2G, capability in times of crisis up to 10G. Detection mode, not
inline. Inline may/will happen (depending on who you ask), but only
with a limited ruleset that we generate internally. So, my question
returns.... anybody ever tested any of the platforms below?
On Thu, Feb 14, 2008 at 7:02 PM, Moses Hernandez
<mosesnetworksamurai.org> wrote:
>
> I am catching this a bit late but let m chime in here. Exactly what I the
> question. Do you want to do inline prevention or out of band detection at
> 10g?
>
> The reason I ask is because unless you can prove with netflow that you need
> 10gb most people do not. In addition you may do further analysis and find
> out by although you want 10gb; in reality you may only want to protect and
> detect at a different part of the network that is maybe 2gb not 10.
>
> Lastly, consider what you are asking the device to do. Ips and ids
> performance may degenerate based on several factors.
>
> 1 - how many preprocessors are you running through
> 2 - do you need to run through all those preprocessors?
> 3 - do you have necessary and unnecessary ( or wasteful ) signatures loaded?
>
> Once you have an idea then meassure those factors in life (demo) and
> calculate actual performance before making a decision.
>
>
>
> Moses Hernandez
> Www.networksamurai.org
>
>
> On Feb 14, 2008, at 5:17 PM, JJC <cummingsjgmail.com> wrote:
>
>
> I suggest researching sourcefire a bit further... they are not just another
> vendor like any other... see what their relationship is to snort. Granted,
> the box is expensive but you often get what you pay for, or for how much
> time you invest in engineering a solution etc...
>
> On Thu, Feb 14, 2008 at 5:05 PM, David Williams <dwilliamsdgmail.com>
> wrote:
> > Yeah, I looked at them and did some checking. They're commercial 10G
> > solution lists for around $250,000 I think. I'm looking for something
> > a little lower down the price list. I just want the performance...
> > not all the other stuff you get when you buy SourceFire.
> >
> >
> >
> >
> > On Thu, Feb 14, 2008 at 4:36 PM, Joel Esler <joel.eslersourcefire.com>
> wrote:
> > > How about... Sourcefire? The people who make Snort?
> > >
> > > They might have a go-fast solution.
> > >
> > > J
> > >
> > >
> > >
> > > On Feb 14, 2008, at 4:26 PM, David Williams wrote:
> > >
> > > > Hello List,
> > > >
> > > > I'm trying to get Snort to go very fast. Has anybody evaluated any
> of
> > > > these solutions below. I know these vendors are claiming multi-gig
> > > > Snort, but I'm skeptical of vendor claims (obviously).
> > > >
> > > > - Endace's Ninja appliance (they claim 10G, but the webcast seemed to
> > > > contradict this claim by stating just under 2G)
> > > >
> > > > - Netronome Systems Open Appliance (claiming 6-8G)
> > > >
> > > > - Bivio Networks B7000 (claiming 10G)
> > > >
> > > > Anybody else I'm missing from the list of vendors claiming to make
> > > > Snort go fast?
> > > >
> > > > thanks,
> > > >
> > > > Dave
> > > >
> > >
> > >
> > > >
> -------------------------------------------------------------------------
> > > > This SF.net email is sponsored by: Microsoft
> > > > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > > > _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-userslists.sourceforge.net
> > > > Go to this URL to change user options or unsubscribe:
> > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > >
> > >
> > >
> > > --
> > > Joel Esler joel.eslersourcefire.com
> > >
> > >
> > >
> > >
> > >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Microsoft
> > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-userslists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]