Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
When I saw Grommish’s reminder to turn on hardware acceleration, because of the impact on throughput, it made me wonder what performance people are getting with IDS / IPS enabled. I remember that I had to enter a rule to exclude deep packet inspection of https traffic from my news server, because back then the Shield was unable to process this much traffic.
Please post what throughput you get with what settings of IDS / IPS (Snort or Suricata) you are using (preferably the command). I can imagine that you actually optimize the settings so that the Shield is able to perform with maximum inspection, while still hitting the maximum bandwidth of your broadband.
Running Itus Shield v2 Firmware
|
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
Administrator
|
When i was messing with snort++(snort3) I was seeing nearly full throughput and was loading a MASSIVE amount of rules..
If you are willing to work with me, we can test Snort++. I have never worked with IDS/IPS and was working with Snort3 because it was a challenge and Itus was using snort2.x originally. Suricata I'm also working on, However.... It seems Suricata is completely broken for mips64 (https://forum.suricata.io/t/suricata6-0-0-beta1-on-openwrt-illegal-instruction-error/572/12, so I'm just now pivot'ing back to Snort3. If you are interested, let me know.. You can find me on Google Hangouts (grommish@gmail.com) or on the Discord I setup (https://discord.gg/mnrmUaa)
Running Itus Shield v2 Firmware
|
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
Administrator
|
Without Snort3
With Snort3 Below is the console output.. That being said, it's in no way optimized, and the rules are the straight community ruleset.
... [show rest of quote]
Running Itus Shield v2 Firmware
|
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
Administrator
|
And, just like that, by turning it to Active rather than Passive, I picked up a a bit of through-put
... [show rest of quote]
Running Itus Shield v2 Firmware
|
Free forum by Nabble | Edit this page |