Firewall Wizards mailing list archives
Re: Time for a new FWTK?
From: Bennett Todd <bet () rahul net>
Date: Fri, 28 Nov 1997 04:09:01 -0800
1997-11-27-04:09:30 Craig Brozefsky:
Tho for some reaons I think that this "reactive" securty software has a long way to go from pipe dream, to effective software tool.
If you haven't done so yet, I encourage you to take a look at Network Flight Recorder[1]. I'm reading the manuals now. It looks like a pretty nifty piece of work. It's early to say yet whether this implementation will be the successful pioneer that carries us through this next revolution, but it certainly shows the direction. Network Flight Recorder is a packet sniffer. It has various layers of filtering; there are all sorts of highly-efficient built-in filters and data reduction elements, and there's a general-purpose programming language in which you can write more; then you get to choose what data gets logged and details about how it should be retained. Then you've got your query programs and alert monitors. It looks like the kind of flexible tool that will fairly quickly produce the answer to the hard question ``what do you _look_ for, to catch attacks in the act''. -Bennett [1] <URL:http://www.nfr.net/nfr/>
Current thread:
- RE: Time for a new FWTK? Stout, William (Nov 26)
- <Possible follow-ups>
- RE: Time for a new FWTK? Bret Watson (Nov 26)
- RE: Time for a new FWTK? Craig Brozefsky (Nov 27)
- Re: Time for a new FWTK? Bennett Todd (Nov 28)
- Re: Time for a new FWTK? Craig Brozefsky (Nov 28)
- Re: Time for a new FWTK? Marcus J. Ranum (Nov 28)
- New firewall paradigms, anyone ? Darren Reed (Nov 28)
- Re: New firewall paradigms, anyone ? Marcus J. Ranum (Nov 28)
- RE: Time for a new FWTK? Craig Brozefsky (Nov 27)
- RE: Time for a new FWTK? Bret Watson (Nov 28)
- RE: Time for a new FWTK? Marcus J. Ranum (Nov 28)
- Re: Time for a new FWTK? Mike Shaver (Nov 29)