Dailydave mailing list archives

halvar, record gigabit networking? IDS for forensics?


From: Gadi Evron <ge () linuxbox org>
Date: Fri, 17 Nov 2006 04:52:30 -0600 (CST)

http://www.packetstormsecurity.org/sniffers/tm-20061111-0.tar.gz

The timemachine can record the entire contents of a high-volume network
traffic stream in order to later "travel back in time" and inspect
activity that has only become interesting in retrospect. Two examples of
use are security forensics (determining just how an attacker compromised a
given machine) and network trouble-shooting, such as inspecting the
precursors to a fault after the fault. The timemachine is designed to work
in Gigabit environments and to store several days of network traffic.

By TU Munich, TU Berlin, ICSI
http://www.net.t-labs.tu-berlin.de/research/tm/

It sounds cool, but all I can really say having worked in such
environments is "right", cynically. More useful than IDS for sure, though,
if what you want is forensics (and actually have a way to sort through
this if it really works and if it really catches everything - not to
mention if my network is even that centralized)

        Gadi.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
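The "travel back in time" idea in the quoted description, as an added Python example (not the Time Machine project's own code): a byte-budgeted rolling store that evicts the oldest traffic and, when asked for the precursors to an event, also reports whether that window is still fully retained. Class and method names are assumptions of this example.

```python
"""Rolling packet store that can be queried after the fact (added example)."""
from bisect import bisect_left, bisect_right
from collections import deque


class TrafficTimeMachine:
    """Keeps the most recent packets within a byte budget; oldest are evicted first."""

    def __init__(self, budget_bytes):
        self.budget = budget_bytes
        self.used = 0
        self.packets = deque()   # (timestamp, payload) in arrival order
        self.dropped = 0         # bytes evicted to stay within the budget

    def record(self, ts, payload):
        self.packets.append((ts, payload))
        self.used += len(payload)
        while self.used > self.budget:
            _, old = self.packets.popleft()
            self.used -= len(old)
            self.dropped += len(old)

    def oldest_retained(self):
        return self.packets[0][0] if self.packets else None

    def travel_back(self, t_end, seconds_before):
        """Return packets in [t_end - seconds_before, t_end] and a coverage flag.

        The flag is False when part of the requested window was already evicted,
        so the investigator knows the view of the precursors is incomplete.
        """
        t_start = t_end - seconds_before
        stamps = [ts for ts, _ in self.packets]
        lo = bisect_left(stamps, t_start)
        hi = bisect_right(stamps, t_end)
        window = [self.packets[i] for i in range(lo, hi)]
        complete = bool(self.packets) and self.oldest_retained() <= t_start
        return window, complete


def demo():
    """Constructed traffic: 100 bytes per second for 20 s into a 1000-byte budget."""
    tm = TrafficTimeMachine(budget_bytes=1000)
    for second in range(20):
        tm.record(float(second), b"x" * 100)
    recent, ok_recent = tm.travel_back(19.0, 5)    # window lies inside retention
    old, ok_old = tm.travel_back(19.0, 12)         # window starts before retention
    return len(recent), ok_recent, len(old), ok_old, tm.dropped


if __name__ == "__main__":
    print(demo())  # (6, True, 10, False, 1000)
```

Only the last ten seconds survive the budget, so the 5-second lookback is complete while the 12-second lookback is flagged as partial.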

