Well, my experience with nessus and snort on various platforms and OS's, show a clear performance edge using PC'ish hardware over Sun hardware. My current favorite is FreeBSD on a dual Athlon MP Tyan motherboard, 1.5G ram, 1.5GHZ CPU's (1900+'s), 64 bit Intel Gig ethernet card.... etc. System cost <2000$, and faster than anything Sun can produce in 2 processors - by yards....
For some real-world CPU performance numbers check out distributed.net's numbers for all their tests - Sun's rank the lowest (that's ANY Sun, not just workstations), AMD's and occaisionally G3/G4 cpu's rank the highest. For network stack performance (not really applicable to snort, but perhaps for nessus) Linux and FreeBSD keep 1-uping each other. Pentium 4's are not players - they need 2ghz clock rates to do as well as PIII's do at 1ghz on a lot of tests :-) Now, having inflamed all Sun lovers out there - let me say one thing - If I want a carrier class/telco central office class piece of hardware - and absolute performance is not a factor - uptime is - then Solaris/Sparc is my only choice - nothing else I know comes close. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of SULLIVAN, AARON R (PB) Sent: Wednesday, March 20, 2002 7:01 PM To: 'Michael Scheidell'; [EMAIL PROTECTED] Subject: RE: nessus ultrasparc 500mhz performance vs intel 850 Are you talking about LAN performance? In my experience, running on an ultra10/400MHZ vs an intel chip (in this case, an 866), the competition is pretty even when running a scan with default configurations... obviously it doesn't take much CPU time to do most of what is being done. Available RAM is usually the deciding factor. On top of that, if you're scanning across a WAN link that's < 45Mb, then both machines are going to look pretty even with each other. However, if, for instance you're running 50 simultaneous scans, 20 checks at a time, with DOS attacks enabled, on an otherwise un-utilized 100Mb network, then I think you'll see the x86 based machine win in the end (assuming equal amounts of RAM) over anything that is workstation class sun hardware (which is what I am assuming that you're running). IMHO workstation class sun hardware sucks--largely due to front-side-bus that runs about as fast as my old 486 motherboard does. This, of course, is quite apparent when the majority of what you are doing is cpu and memory interaction with a network card. Sun says that they have a superior backplane, (they claim on the web page that it's the fastest PCI bus around)... and perhaps with more tuning in the code, nessus would run better on sun hardware... but in my experience, you're better off with a beefy x86 based system... especially if that system has a 64 bit PCI slot for a NIC. Don't want to sound like I'm biased here... but the proof's in the pudding. -----Original Message----- From: Michael Scheidell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 20, 2002 5:52 PM To: [EMAIL PROTECTED] Subject: nessus ultrasparc 500mhz performance vs intel 850 Was wondering if anyone had a feeling, opinion, gripe or brain fart when thinking about a sun ultrasparc 500mhz running Solaris 8 vs an Intel 850mhz running FREEBSD. I know that all chips are not made alike, and that some 500mhz chip MIGHT run faster than another 850mhz chip, so, anyone have any real numbers on both? -- Michael Scheidell SECNAP Network Security, LLC (561) 368-9561 [EMAIL PROTECTED] http://www.secnap.net
