[Discuss] running Snort on a consumer-grade router
Tom Metro
tmetro-blu at vl.com
Thu Jan 19 17:25:20 EST 2012
David Miller wrote:
> In my experience most consumer routers barely have enough cpu power to
> get out of their own way.
As mentioned elsewhere, the Asus RT-N16 is a newer class of router with
beefier hardware than your typical WRT54G-era box. 128 MB of RAM and a
480 MHz CPU:
http://infodepot.wikia.com/wiki/Asus_RT-N16
And that's the hardware I'd be using. (This model was released in
mid-2009, and even today there are only a handful of routers in the same
price class with a faster CPU, and of those almost none have as much RAM.)
> I'd love to see a speedtest.net with and without
> snort to see what sort of impact it has on performance.
Yes, that would be a good comparison to make.
> At home I'm currently running snort on an embedded Alix (800MHz AMD
> Geode cpu) w/ 256mb of ram on pfSense.
I'm familiar with the Alix boards, have written about them here before,
and considered them. At the time they were selling in the ~$150 range
after you added a power supply and enclosure. The specs are hard to beat
for that price.
I had interest in FreeBSD/pfSense due to its ability to run in a fail
over configuration on redundant hardware. I believe they've since hacked
up an equivalent solution for Linux/iptables.
I'm hoping we'll see some of the consumer routers switch to ARM CPUs,
and less proprietary switch hardware, which should hopefully permit
FreeBSD to run on them. I suspect we will see 800 MHz+/128 MB+ consumer
routers in the $100 range in 2012. (There are already non-router
consumer products with these specs, like http://www.tonidoplug.com/, but
they lack built-in switches. In theory, you could pair it up with a $50
5-port switch that does VLAN tagging[1].)
1. http://www.newegg.com/Product/Product.aspx?Item=N82E16833122342
(This does port mirroring too. Perhaps the same low cost switch someone
mentioned at the talk.)
> It seems to run reasonably well on it but you still have to
> be careful as to what rule sets you enable and which Memory
> Performance option you use.
Good to know. Thanks.
-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/