[Tfug] Snort question

steveb7 at bblabs.net steveb7 at bblabs.net
Wed Nov 5 17:05:26 MST 2003 

Thanks Harry! Right now it will be strictly monitoring incoming traffic on the DSL line. I was hoping that this would be sufficient horsepower. Now I just need to find a box of the right size that's not as noisy as the Sparc20 I was going to use <lol>

Steve

*********** REPLY SEPARATOR  ***********

On 11/5/2003 at 4:58 PM Harry McGregor wrote:

>On Wed, 2003-11-05 at 16:39, steveb7 at bblabs.net wrote:
>> In need of a little advice from the group. Would a PII/333 Celeron with
>128MB RAM have enough
>> horsepower to run Snort?
>
>This is Dependant on the amount of traffic, it probably can't fully
>monitor a loaded 100Mbit ethernet, but it is faster than what we are
>using here at USGS/TCSG.
>
>We have the following connections being routed, NATed in multiple ways,
>and monitored by a 266MHz PII.
>
>	a) 100Mbit Internal network (not monitored yet, but it is firewalled,
>for example port 25 outbound is blocked)
>
>	b) 100Mbit UA network (fully monitored with snort, and intensive
>firewall rules)
>
>	c) 100Mbit DMZ (all email/web traffic goes through the DMZ, including
>from the internal network, and it's fully monitored and firewalled)
>
>	d) 10Mbit connect to a 3Mbit FrameRelay for GeoNET (Fully monitored and
>firewalled).
>
>> I'm thinking about adding a box to my DSL line so that I can monitor
>> probes coming from the Internet.
>
>If it's just incoming traffic on a DSL line that you are concerned with
>a P75 or 486DX-40 should probably have enough horsepower to run snort on
>it effectively.
>
>>  This is for a small home LAN with no more than 3-4 users at
>> any one time.
>
>Would you be sniffing all internal traffic on your home network?
>Computer to Computer traffic through a hub or mirrored switch port?  If
>not, then almost any hardware you can find will have no problems running
>snort on your DSL line.
>
>			Harry
>>
>> Steve
>>
>> _______________________________________________
>> tfug mailing list
>> tfug at tfug.org
>> http://www.tfug.org/mailman/listinfo/tfug
>--
>--
>Harry McGregor, CEO, Co-Founder
>Hmcgregor at osef.org, (520) 661-7875 (CELL)
>Open Source Education Foundation, http://www.osef.org
>A non-profit tax exempt charitable organization
>
>_______________________________________________
>tfug mailing list
>tfug at tfug.org
>http://www.tfug.org/mailman/listinfo/tfug

More information about the tfug mailing list