Firewall Wizards mailing list archives
IDS with traffic analysis (basically) = sniffer
From: "John Kozubik" <john_kozubik_dc () hotmail com>
Date: Sat, 30 Jan 1999 18:34:09 PST
Just a note - if you are doing traffic analysis (as opposed to content analysis) with an IDS, you are basically recording _every_ packet that comes through. Therefore, for all practical purposes, the IDS _is_ a sniffer. Commercial sniffing packages will be better, however, at analyzing attacks in progress (i.e. put the sniffer in the DMZ and watch what is happening) whereas the IDS is more of a reference to look back upon and analyze. kozubik - John Kozubik - john_kozubik () hotmail com PGP DSS: 0EB8 4D07 D4D5 0C28 63FE AD87 520F 57BE 850B E4C4 ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
Current thread:
- IDS with traffic analysis (basically) = sniffer John Kozubik (Feb 01)
- Re: IDS with traffic analysis (basically) = sniffer Perry E. Metzger (Feb 02)
- Re: IDS with traffic analysis (basically) = sniffer dreamwvr (Feb 03)
- Re: IDS with traffic analysis (basically) = sniffer Perry E. Metzger (Feb 02)