When I saw Grommish’s reminder to turn on hardware acceleration, because of the impact on throughput, it made me wonder what performance people are getting with IDS / IPS enabled. I remember that I had to enter a rule to exclude deep packet inspection of https traffic from my news server, because back then the Shield was unable to process this much traffic.
Please post what throughput you get with what settings of IDS / IPS (Snort or Suricata) you are using (preferably the command). I can imagine that you actually optimize the settings so that the Shield is able to perform with maximum inspection, while still hitting the maximum bandwidth of your broadband.
Running Itus Shield v2 Firmware
Administrator
When I was messing with Snort++ (Snort3), I was seeing nearly full throughput and was loading a MASSIVE amount of rules.
If you are willing to work with me, we can test Snort++. I have never worked with IDS/IPS and was working with Snort3 because it was a challenge and Itus was using Snort 2.x originally. I'm also working on Suricata. However, it seems Suricata is completely broken for mips64 (https://forum.suricata.io/t/suricata6-0-0-beta1-on-openwrt-illegal-instruction-error/572/12), so I'm just now pivoting back to Snort3. If you are interested, let me know. You can find me on Google Hangouts (grommish@gmail.com) or on the Discord I set up (https://discord.gg/mnrmUaa).
Running Itus Shield v2 Firmware
Administrator
Without Snort3
With Snort3
Below is the console output. That being said, it's in no way optimized, and the rules are the straight community ruleset.
Running Itus Shield v2 Firmware
Administrator
And, just like that, by turning it to Active rather than Passive, I picked up a bit of throughput.
Running Itus Shield v2 Firmware