Re: Re[2]: IDS: Network Intrusion Detection

Dug Song (dugsong@monkey.org)
Wed, 24 Mar 1999 10:18:00 -0500 (EST)

On Wed, 24 Feb 1999, Mark Curphey wrote:

> I have used RealSecure on a very loaded FDDI ring (70% permanently) and the only
> problem was the PC being able to keep up. ISS say they can match about 20,000 
> packets a sec now...

does RealSecure implement a loadable kernel module to assist in this?
because the current Solaris bufmod is broken, wrt sniffing - see our
performance numbers at 

	http://www.anzen.com/products/nfr/testing/

or just ask Sun security engineer Casper Dik. :-)

does RealSecure even report how many packets it's dropping? how many Mbps
are you actually seeing? or isn't there a way to measure that?

> NFR looks great and the concept of being able to write sigs etc is excellent. 
> What a pedigree. Trouble is in the real world how many people have time to code
> the couple of hundred attack sigs we need?

you can buy it from my employer, Anzen Computing (who has an IDS N-code
package) or get free N-code available from the l0pht or NFR themselves.
additionally, the l0pht has been contracted to write many new filters for
NFR...

	http://www.anzen.com/cgi-bin/nfrdemo
	http://www.nfr.net/news/press/19990301-l0pht-filters.html
	http://www.l0pht.com/NFR/
	http://www.nfr.net/packages/nfr.html

-d.

---
http://www.monkey.org/~dugsong/