[Discuss] running Snort on a consumer-grade router

Chris O'Connell omegahalo at gmail.com
Mon Jan 23 06:43:02 EST 2012


A couple of ideas on installing Snort on small devices.  While I don't know
much about compiling Snort on routers, there are two devices I might
recommend that have small footprints:

The first is the Efika MX, which has an 800 MHz ARM CPU, 8 GB of SSD storage,
a NIC, Wi-Fi and I think a GB of RAM.  The Efika also runs a customized
version of Ubuntu.  The device is very solid and I've had one running
Nagios for months without needing a reboot.  Cost = $129.
http://outlookoutbox.blogspot.com/2011/11/genesi-efika-mx-open-client-review-and.html

The other device, which I've purchased but not had the opportunity to play
with, is the Dreamplug.  The specs are similar but the Dreamplug has two NICs,
only 512 MB of RAM and a 1.2 GHz ARM CPU.  The cost is $159.
http://www.globalscaletechnologies.com/c-5-dreamplugs.aspx

Chris

On Thu, Jan 19, 2012 at 5:25 PM, Tom Metro <tmetro-blu at vl.com> wrote:

> David Miller wrote:
> > In my experience most consumer routers barely have enough CPU power to
> > get out of their own way.
>
> As mentioned elsewhere, the Asus RT-N16 is a newer class of router with
> beefier hardware than your typical WRT54G-era box. 128 MB of RAM and a
> 480 MHz CPU:
> http://infodepot.wikia.com/wiki/Asus_RT-N16
>
> And that's the hardware I'd be using. (This model was released in mid
> 2009, and even today there are only a handful of routers in the same
> price class with a faster CPU, and of those almost none have as much RAM.)
>
>
> > I'd love to see a speedtest.net with and without
> > Snort to see what sort of impact it has on performance.
>
> Yes, that would be a good comparison to make.
>
>
> > At home I'm currently running Snort on an embedded Alix (800 MHz AMD
> > Geode CPU) w/ 256 MB of RAM on pfSense.
>
> I'm familiar with the Alix boards, have written about them here before,
> and considered them. At the time they were selling in the ~$150 range
> after you added a power supply and enclosure. The specs are hard to beat
> for that price.
>
> I had interest in FreeBSD/pfSense due to its ability to run in a
> failover configuration on redundant hardware. I believe they've since hacked
> up an equivalent solution for Linux/iptables.
>
> I'm hoping we'll see some of the consumer routers switch to ARM CPUs,
> and less proprietary switch hardware, which should hopefully permit
> FreeBSD to run on them. I suspect we will see 800 MHz+/128 MB+ consumer
> routers in the $100 range in 2012. (There are already non-router
> consumer products with these specs, like http://www.tonidoplug.com/, but
> they lack built-in switches. In theory, you could pair it up with a $50
> 5-port switch that does VLAN tagging[1].)
>
> 1. http://www.newegg.com/Product/Product.aspx?Item=N82E16833122342
> (This does port mirroring too. Perhaps the same low cost switch someone
> mentioned at the talk.)
>
>
> > It seems to run reasonably well on it but you still have to
> > be careful as to what rule sets you enable and which Memory
> > Performance option you use.
>
> Good to know. Thanks.
>
>  -Tom
>
> --
> Tom Metro
> Venture Logic, Newton, MA, USA
> "Enterprise solutions through open source."
> Professional Profile: http://tmetro.venturelogic.com/



-- 
Chris O'Connell
http://outlookoutbox.blogspot.com
