On Wed, 24 Feb 1999, Mark Curphey wrote:

> I have used RealSecure on a very loaded FDDI ring (70% permanently) and the only
> problem was the PC being able to keep up. ISS say they can match about 20,000
> packets a sec now...

does RealSecure implement a loadable kernel module to assist in this?
because the current Solaris bufmod is broken, wrt sniffing - see our
performance numbers at

	http://www.anzen.com/products/nfr/testing/

or just ask Sun security engineer Casper Dik. :-)

does RealSecure even report how many packets it's dropping? how many Mbps
are you actually seeing? or isn't there a way to measure that?

> NFR looks great and the concept of being able to write sigs etc is excellent.
> What a pedigree. Trouble is in the real world how many people have time to code
> the couple of hundred attack sigs we need?

you can buy it from my employer, Anzen Computing (who has an IDS N-code
package) or get free N-code available from the l0pht or NFR themselves.
additionally, the l0pht has been contracted to write many new filters for
NFR...

	http://www.anzen.com/cgi-bin/nfrdemo
	http://www.nfr.net/news/press/19990301-l0pht-filters.html
	http://www.l0pht.com/NFR/
	http://www.nfr.net/packages/nfr.html

-d.

---
http://www.monkey.org/~dugsong/