Why "carnivore" type systems can't be (entirely) open source

[Ben Laurie]

Richard Clayton wrote:
> >I could be
> >mistaken about this, but I was under the impression that packet
> >fragmentation is in practice pretty rare.
> 
> yes - it does happen from time to time though ... so in the IDS realm
> waking up a sysadmin to report it ("danger will robinson, there is a
> hack going on") is almost certainly a mistake. [that's not to say that
> an IDS shouldn't be spotting particular forms of fragmentation and
> getting very excited indeed]

Aha. IDSes. So, does anyone have an IDS that they think is actually
useful (on a large scale, that is - being useful to protect a small
number of computers is not of interest)?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff