Date: Wed, 28 May 2003 17:54:07 -0400
From: Michael Conlen <meconlen@obfuscated.net>
To: freebsd-performance@freebsd.org
Subject: High performance IDS/Firewall
Message-ID: <3ED52FFF.3060903@obfuscated.net>
I'm considering setting up a FreeBSD firewall/IDS system to handle 60-80Mbit/sec of traffic. The box would have three adapters, two of them bridging and one for access. I will place the IDS on the outside bridge interface and apply IPFW rules on the system as needed.

My concern is what the failure order is if the system is under heavy load. My preferred order would be

  snort (libpcap) drops packets and snort fails to detect
  firewall fails to block
  system drops packets

as it's more important for the system to be running than to identify or block the things we are trying to identify and block. Is this the order things would fall over, or am I likely to cause the system to drop packets as soon as things get ugly?

PS: I'm considering a dual P4 2GHz, 4GB of memory system, and SCSI-3 disk subsystem, and there's only one server on the "inside" of this network, so I don't think I'll have a major failure situation, unless someone suddenly generates over 20Mbit of DOS traffic, and those people usually go after the router...

--
Michael Conlen
