The Snort NIDS on the Intel IXP2400 and IXP2800 NPU
Comm Logic Design, Inc. has developed an implementation of the Snort network intrusion detection system's detection engine in microcode running on the IXP2400. The detection engine runs in simulation on the Intel IXP2400 Developer's Workbench with Consystant StrataNP.
Figure: Consystant Snort Transactor
The Snort detection engine relies on a ternary CAM (TCAM) to perform the first stage of packet classification when matching Snort rules against a stream of packets. The combination of the IXP2400 network processor and the TCAM enables the Snort detection engine to perform the intrusion detection function at speeds not achievable on the platforms where the Snort network intrusion detection system is typically run.
The Snort simulation runs with a model of a "generic" TCAM implemented in the Developer's Workbench's scripting language. The Snort microcode has been modified to support TCAM silicon available from the various TCAM vendors in the marketplace. The Snort application can similarly be simulated in StrataNP using a Developer's Workbench foreign model provided by the TCAM vendor. The resulting microcode can also be executed on target hardware containing an IXP2400 and the vendor's TCAM.
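To make the first-stage classification concrete, the following is an added example (not Comm Logic Design's microcode and not the Developer's Workbench scripting model of the TCAM) of a "generic" TCAM written in Python. Each Snort rule header is compiled into a value/mask pair so that CIDR prefixes and "any" fields become don't-care bits; a packet's header fields are packed into a search key and compared against every entry exactly as ternary silicon would, and the result is the subset of rules whose headers match, which is all the second stage would have to inspect. The rule headers, rule ids and packet values are constructed for the example; the key layout (protocol, source IP, destination IP, source port, destination port) is an assumption, not the layout used by the product.

```python
"""Software model of a generic TCAM acting as the first-stage header
classifier for Snort rules.  Added example (not Comm Logic Design's
microcode or the StrataNP scripting model); rule headers and packets
are constructed samples, and the key layout is an assumption."""
import ipaddress

PROTO = {"icmp": 1, "tcp": 6, "udp": 17}  # IANA protocol numbers

# Assumed key layout, MSB first: proto(8) | src ip(32) | dst ip(32) | sport(16) | dport(16)
FIELDS = (8, 32, 32, 16, 16)


def _pack(parts):
    """Pack (value, mask) pairs into one integer value and one integer mask."""
    value = mask = 0
    for (v, m), width in zip(parts, FIELDS):
        value = (value << width) | v
        mask = (mask << width) | m
    return value, mask


def _addr(spec):
    if spec == "any":
        return 0, 0                      # every bit is don't-care
    net = ipaddress.ip_network(spec, strict=False)
    return int(net.network_address), int(net.netmask)   # CIDR -> prefix + mask


def _port(spec):
    return (0, 0) if spec == "any" else (int(spec), 0xFFFF)


def _proto(spec):
    return (0, 0) if spec == "ip" else (PROTO[spec], 0xFF)


def compile_header(header):
    """Snort rule header -> list of (value, mask) entries; '<>' yields two."""
    _action, proto, src, sport, direction, dst, dport = header.split()
    if direction not in ("->", "<>"):
        raise ValueError(f"unsupported direction: {direction}")
    pairs = [(src, sport, dst, dport)]
    if direction == "<>":
        pairs.append((dst, dport, src, sport))   # bidirectional: add the reverse entry
    return [_pack((_proto(proto), _addr(s), _addr(d), _port(sp), _port(dp)))
            for s, sp, d, dp in pairs]


def packet_key(proto, src, dst, sport, dport):
    """Build the search key from a packet's header fields (mask bits unused)."""
    parts = ((PROTO[proto], 0), (int(ipaddress.ip_address(src)), 0),
             (int(ipaddress.ip_address(dst)), 0), (sport, 0), (dport, 0))
    return _pack(parts)[0]


class TCAM:
    """Ternary CAM model.  Silicon compares every entry in parallel and reports
    the highest-priority hit; this model scans in order and, because several
    Snort headers may overlap, reports every hit.  Rules with identical
    headers share one entry so the table stays small."""

    def __init__(self):
        self.entries = []        # list of (value, mask, [rule ids])
        self.index = {}          # (value, mask) -> position in entries

    def add_rule(self, rule_id, header):
        for value, mask in compile_header(header):
            pos = self.index.get((value, mask))
            if pos is None:
                self.index[(value, mask)] = len(self.entries)
                self.entries.append((value, mask, [rule_id]))
            else:
                self.entries[pos][2].append(rule_id)

    def candidates(self, key):
        """First-stage classification: ids of every rule whose header matches.
        Only these rules need to go on to payload/content matching."""
        hits = []
        for value, mask, rule_ids in self.entries:
            if key & mask == value:      # ternary compare: masked-off bits are ignored
                hits.extend(rule_ids)
        return hits


def build_sample_tcam():
    """Constructed rule headers; the rule ids are made up for the example."""
    t = TCAM()
    t.add_rule("web-1", "alert tcp any any -> 192.168.1.0/24 80")
    t.add_rule("web-2", "alert tcp any any -> 192.168.1.0/24 80")   # same header as web-1
    t.add_rule("dns-1", "alert udp any any <> 10.0.0.53 53")
    t.add_rule("icmp-1", "alert icmp any any -> any any")
    t.add_rule("ssh-1", "alert tcp 10.0.0.0/8 any -> any 22")
    return t


if __name__ == "__main__":
    tcam = build_sample_tcam()
    print(tcam.candidates(packet_key("tcp", "172.16.0.9", "192.168.1.20", 40000, 80)))
    print(tcam.candidates(packet_key("udp", "10.0.0.53", "10.1.2.3", 53, 5353)))
```

A real single-hit TCAM reports only the lowest-index matching entry, so overlapping rule headers would have to be merged into shared entries ahead of time or looked up with a multi-match device; the model above sidesteps that by reporting every hit. Port ranges are also not expressible as a single value/mask pair and would need to be expanded into several prefix entries.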
The Snort detection engine is implemented as an Intel Portability Framework "microblock". The Snort microblock provides several configuration options. The microblock can also be combined with other microblocks, enabling generation of microcode supporting several possible hardware configurations.
Comm Logic Design is licensing versions of the Snort detection engine microblock that operate with various vendors' TCAMs and search and classification engines to parties interested in using the code as an IP "core", much as IP cores are available for FPGA and ASIC designs.