Re: Intro; Question

David R. Kuykendall (lares!david@uunet.uu.net)
Sat, 27 Jan 1996 11:57:03 -0600

> From uunet!uow.edu.au!owner-ids Fri Jan 26 18:20 CST 1996
> Date: Thu, 25 Jan 1996 15:00:27 -0700 (MST)
> From: Dave Bailey <uunet!gcsi.com!daveb>
> To: uunet!uow.edu.au!ids
> Subject: Re: Intro; Question
> Mime-Version: 1.0
> 
> On Mon, 22 Jan 1996, Fred Cohen wrote:
> 
> > At least two such systems are now in daily commercial and government use:
> > 
> > 	DIDS and CMDS
> > 
> > There are probably others as well.
> 
> I don't know CMDS.  Is that a commercial product?
> 
> I do know DIDS.  It is not a commercial product and is not generally 
> available.  It does an admirable job, but it is resource intensive (cpu 
> cycles, disk space, and operator and analyst time).  Even if it were 
> available, it would not be a solution for very many sites.

You must know the University version of DIDS.  This version was
completely trashed and rewritten.  The current version, as of 8 months
ago, could monitor 200 machines and use less than 5% of the available
network bandwidth. The connection matching engine on the DIDS server
would take ~20% of the one CPU's usage on a SPARC-20; the other CPU was
being used by the Oracle database for logging history, generating
reports, and User screens.  Of course this could spike from time-to-time
based on the number of connections occurring on the network.  The system
runs without operator intervention and will Email warnings to a user.
The system will also take actions based on warning levels of a
connection.  It can be installed on a remote machine from the DIDS
server.  It uses an encrypted communication channel to the hosts for
the transfer of information.  It can tell you when its processes are
under attack.

If it were available for commercial sites, it would sell like hot cakes!

> 
> Stalker (an outgrowth of Haystack--specialized for Sun systems) is the 

[ Cut, Cut, Cut... .]

> 
> This, of course, was the point of my question.
> 
> ---D
> 

 ===============
 David R. Kuykendall             Email : david@lares.com
 LARES Technology, Inc.          Phone : (210) 558-3422
 4115 Goshen Pass                Fax   : (210) 691-8917
 San Antonio, Tx 78230           Info  : info@lares.com