Why "carnivore" type systems can't be (entirely) open source

Nexus nexus at patrol.i-way.co.uk
Thu, 1 Feb 2001 11:45:20 -0000


IDSs, as with any product, will vary - YMMV as does your situation.
The biggest issue with them is the manpower resources required to actually
monitor and act (or not) on what is being reported - if you don't have a
large enough group to have it manned 24/7 then you may just get a forensic
style report, after the fact ;-)

Cheers,
        JJ

----- Original Message -----
From: "Ben Laurie" <ben@algroup.co.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Thursday, February 01, 2001 10:01 AM
Subject: Re: Why "carnivore" type systems can't be (entirely) open source


> Richard Clayton wrote:
> > >I could be
> > >mistaken about this, but I was under the impression that packet
> > >fragmentation is in practice pretty rare.
> >
> > yes - it does happen from time to time though ... so in the IDS realm
> > waking up a sysadmin to report it ("danger will robinson, there is a
> > hack going on") is almost certainly a mistake. [that's not to say that
> > an IDS shouldn't be spotting particular forms of fragmentation and
> > getting very excited indeed]
>
> Aha. IDSes. So, does anyone have an IDS that they think is actually
> useful (on a large scale, that is - being useful to protect a small
> number of computers is not of interest)?
>
> Cheers,
>
> Ben.
>
> --
> http://www.apache-ssl.org/ben.html
>
> "There is no limit to what a man can do or how far he can go if he
> doesn't mind who gets the credit." - Robert Woodruff
>
>
