[Tfug] Snort question
Harry McGregor
micros at osef.org
Wed Nov 5 16:58:22 MST 2003
On Wed, 2003-11-05 at 16:39, steveb7 at bblabs.net wrote:
> In need of a little advice from the group. Would a PII/333 Celeron with 128MB RAM have enough
> horsepower to run Snort?
This is Dependant on the amount of traffic, it probably can't fully
monitor a loaded 100Mbit ethernet, but it is faster than what we are
using here at USGS/TCSG.
We have the following connections being routed, NATed in multiple ways,
and monitored by a 266MHz PII.
a) 100Mbit Internal network (not monitored yet, but it is firewalled,
for example port 25 outbound is blocked)
b) 100Mbit UA network (fully monitored with snort, and intensive
firewall rules)
c) 100Mbit DMZ (all email/web traffic goes through the DMZ, including
from the internal network, and it's fully monitored and firewalled)
d) 10Mbit connect to a 3Mbit FrameRelay for GeoNET (Fully monitored and
firewalled).
> I'm thinking about adding a box to my DSL line so that I can monitor
> probes coming from the Internet.
If it's just incoming traffic on a DSL line that you are concerned with
a P75 or 486DX-40 should probably have enough horsepower to run snort on
it effectively.
> This is for a small home LAN with no more than 3-4 users at
> any one time.
Would you be sniffing all internal traffic on your home network?
Computer to Computer traffic through a hub or mirrored switch port? If
not, then almost any hardware you can find will have no problems running
snort on your DSL line.
Harry
>
> Steve
>
> _______________________________________________
> tfug mailing list
> tfug at tfug.org
> http://www.tfug.org/mailman/listinfo/tfug
--
--
Harry McGregor, CEO, Co-Founder
Hmcgregor at osef.org, (520) 661-7875 (CELL)
Open Source Education Foundation, http://www.osef.org
A non-profit tax exempt charitable organization
More information about the tfug
mailing list