[Soekris] Wireless IDS/IPS best choice
farlies
farlies at gmail.com
Wed Nov 22 22:37:45 UTC 2006
> Some days ago I've been asked to create for my company a
> Wireless IDS/IPS system using soekris net4801.
>
> Up to now, to start, I'm using Pyramid with Kismet which
> works pretty well. I was thinking to add snort on it.
If you succeed with this installation, I would be very interested
in hearing about the performance you/anyone can get from it, e.g.
what level of traffic can flow through the monitored interface
before pcap starts to drop packets (or, what fraction of
packets are caught under full load)? How does this vary
with a minimal rule set vs. default snort install rule set?
You did not mention which wireless protocol was being deployed,
but I'd have my doubts this platform could keep up with any
real IDS processing at 54Mbs given throughput issues
discussed on this list with the wired interfaces.
-Farlies
More information about the Soekris-tech
mailing list