RE: IDS on VPN-GW

From: Rob Shein (shoten@starpower.net)
Date: 12/03/02

    From: "Rob Shein" <shoten@starpower.net>
    To: "'Keith T. Morgan'" <keith.morgan@terradon.com>, <counter.spy@gmx.de>
    Date: Mon, 2 Dec 2002 18:31:38 -0500
    
    

    How well did Snort keep up, however? I can't believe it wasn't missing
    packets at that point...

    -----Original Message-----
    From: Keith T. Morgan [mailto:keith.morgan@terradon.com]
    Sent: Monday, December 02, 2002 10:05 AM
    To: counter.spy@gmx.de
    Cc: focus-ids@securityfocus.com
    Subject: RE: IDS on VPN-GW

    We've deployed this scenario on Linux + FreeS/WAN running Snort on all
    physical interfaces and all ipsecX interfaces for folks. The fastest
    wire-speed we've had on one of these deployments is T1, and a PIII450
    has handled VPN traffic at wirespeed even with the added load of Snort.
    Sorry I don't have any higher-bandwidth benchmarks for you.

    -----Original Message-----
    From: counter.spy@gmx.de [mailto:counter.spy@gmx.de]
    Sent: Friday, November 29, 2002 4:20 AM
    To: focus-ids@securityfocus.com
    Subject: IDS on VPN-GW

    Hi folks,
    I have recently tested Snort on a VPN gateway that runs on Linux (just
    for testing purposes, no productive server).