Hi, I'd like to recommend the following:
1. Use a network card that provides 100% packet capture, like Endace DAG
   http://www.endace.com/dag-network-monitoring-cards.html
2. Barnyard
   http://sourceforge.net/projects/barnyard/
3. Net Optics 10/100/1000 Dual Port Aggregator Tap (This will tap two full-duplex connections and send all traffic to the monitoring ports where Snort sensors are listening)
   http://www.netoptics.com/products/product_family_details.asp?cid=4&pid=213&Section=products&menuitem=4&tag=NetOptics+aggregation+Taps

On Fri, Dec 11, 2009 at 6:12 PM, Nils <[email protected]> wrote:
> What hardware are you guys using for your IDS systems?
>
> We are monitoring a 1000Mbit/s link with an average bandwidth of
> 30Mbit/s. A second link with a similar bandwidth will follow.
> After a successful test with a small system we'd like to order a
> dedicated server. Preferably HP DL xyz G4 or G5.
> OS wise we are tied to Red Hat Enterprise 5.4, IDS software is Snort
> with BASE, maybe switching to Anval.
>
> Any recommendations from the field?
>
> Thanks,
> Nils
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>

--
Best Regards,
http://extremesecurity.blogspot.com
http://www.linkedin.com/in/aalqarta
http://www.experts-exchange.com/M_3011930.html
http://www.liveperson.com/extremesecurity-labs
