Dailydave mailing list archives
halvar, record gigabit networking? IDS for forensics?
From: Gadi Evron <ge () linuxbox org>
Date: Fri, 17 Nov 2006 04:52:30 -0600 (CST)
http://www.packetstormsecurity.org/sniffers/tm-20061111-0.tar.gz

The timemachine can record the entire contents of a high-volume network traffic stream in order to later "travel back in time" and inspect activity that has only become interesting in retrospect. Two examples of use are security forensics (determining just how an attacker compromised a given machine) and network trouble-shooting, such as inspecting the precursors to a fault after the fault. The timemachine is designed to work in Gigabit environments and to store several days of network traffic.

By TU Munich, TU Berlin, ICSI
http://www.net.t-labs.tu-berlin.de/research/tm/

It sounds cool, but all I can really say having worked in such environments is "right", cynically. More useful than IDS for sure, though, if what you want is forensics (and actually have a way to sort through this if it really works and if it really catches everything - not to mention if my network is even that centralized).

Gadi.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- halvar, record gigabit networking? IDS for forensics? Gadi Evron (Nov 17)
- Re: halvar, record gigabit networking? IDS for forensics? Thomas Ptacek (Nov 17)
- Re: halvar, record gigabit networking? IDS for forensics? David J. Bianco (Nov 17)
- Re: halvar, record gigabit networking? IDS for forensics? Bamm Visscher (Nov 19)
- Re: halvar, record gigabit networking? IDS for forensics? Nick Selby (Nov 17)
- Re: halvar, record gigabit networking? IDS for forensics? Danny Quist (Nov 19)