Firewall Wizards mailing list archives

Re: IDS with traffic analysis (basically) = sniffer


From: dreamwvr <dreamwvr () dreamwvr com>
Date: Tue, 02 Feb 1999 22:28:26 -0700

hi,
"John Kozubik" <john_kozubik_dc () hotmail com> writes:
>> Just a note - if you are doing traffic analysis (as opposed to content 
>> analysis) with an IDS, you are basically recording _every_ packet that 
>> comes through.
more of a packet traffic analysis... || pattern analysis...
>> Therefore, for all practical purposes, the IDS _is_ a sniffer.  
glorified yes in fact it is a sort of net assistant rather than some
omnipotent device that allows you to play quake all day:)
>> Commercial sniffing packages will be better, however, at analyzing 
>> attacks in progress (i.e. put the sniffer in the DMZ and watch what is 
>> happening) whereas the IDS is more of a reference to look back upon and 
>> analyze.
you're right security in depth ... in all tools.
> Why?
> 
> Most sniffers I've seen aren't nearly as good as NFR. Hell, most of
> them aren't as good as TCPDUMP. What makes you think "commercial
> sniffing packages" are much good at *anything*?
tcpdump and snoop are always available when in a pinch... NFR is not
but i can't comment here as i have heard great things about it i have
not used it myself.
                                                Regards,
                                                dreamwvr () dreamwvr com
> Perry


Reuters, London, February 29, 1998: 
Scientists have announced discovering a meteorite which will strike the 
earth in March, 2028.  Millions of UNIX coders expressed relief for being 
spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________

DREAMWVR.COM - TOTAL WEB INTEGRATION, DEVELOPMENT, DESIGN SERVICES. 
Featuring Website Development and Web Strategies of a TOP Developer 
<http://www.dreamwvr.com/dynamicduo.html> <mailto:dreamwvr () dreamwvr com>
"As Unique as the Company You Keep."        "===0 PGP Key Available  
________________________________________________________________________
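The thread's distinction between traffic analysis (header-only, "every packet recorded") and content analysis can be made concrete with a small header-only decoder. The code below is an added example, not part of the original thread or any of the tools named in it; it builds a few constructed Ethernet/IPv4/TCP frames (hypothetical addresses, no checksums), keeps only the header fields of each one, and derives per-flow and per-source summaries, the kind of record a traffic-analysis IDS retains while discarding payload bytes.

```python
import struct
from collections import defaultdict


def build_packet(src, dst, sport, dport, payload, flags=0x18):
    """Assemble a minimal Ethernet/IPv4/TCP frame (constructed test data, no checksums)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)          # zero MACs, EtherType IPv4
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp + payload


def summarize(frame):
    """Traffic-analysis view of one frame: header fields only, payload discarded."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                                          # not IPv4, ignore
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    proto = frame[23]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    rec = {"src": src, "dst": dst, "proto": proto,
           "sport": None, "dport": None, "flags": None, "payload_bytes": None}
    if proto == 6 and len(frame) >= 14 + ihl + 20:
        off = 14 + ihl
        sport, dport = struct.unpack("!HH", frame[off:off + 4])
        doff = (frame[off + 12] >> 4) * 4
        rec.update(sport=sport, dport=dport, flags=frame[off + 13],
                   payload_bytes=max(total_len - ihl - doff, 0))
    return rec


def flow_table(frames):
    """Aggregate packet and payload-byte counts per 5-tuple (the pattern-analysis record)."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for frame in frames:
        rec = summarize(frame)
        if rec is None or rec["sport"] is None:
            continue
        key = (rec["src"], rec["sport"], rec["dst"], rec["dport"])
        flows[key]["packets"] += 1
        flows[key]["bytes"] += rec["payload_bytes"]
    return dict(flows)


def ports_per_source(frames):
    """Distinct destination ports touched by each source; a sudden spread is worth a look."""
    seen = defaultdict(set)
    for frame in frames:
        rec = summarize(frame)
        if rec is not None and rec["dport"] is not None:
            seen[rec["src"]].add(rec["dport"])
    return {src: len(ports) for src, ports in seen.items()}


# Constructed sample traffic: one web client and one host probing several ports.
SAMPLE = [
    build_packet("10.0.0.5", "10.0.0.9", 40000, 80, b"GET / HTTP/1.0\r\n"),
    build_packet("10.0.0.5", "10.0.0.9", 40000, 80, b"GET / HTTP/1.0\r\n"),
    build_packet("10.0.0.7", "10.0.0.9", 40001, 22, b"", flags=0x02),
    build_packet("10.0.0.7", "10.0.0.9", 40001, 23, b"", flags=0x02),
    build_packet("10.0.0.7", "10.0.0.9", 40001, 25, b"", flags=0x02),
]

if __name__ == "__main__":
    for key, stats in flow_table(SAMPLE).items():
        print(key, stats)
    print(ports_per_source(SAMPLE))
```

Nothing in the flow table or the per-source port counts contains a payload byte, yet every packet on the wire contributed a record, which is the sense in which the thread calls a traffic-analysis IDS a sniffer. A content-analysis tool would keep the `GET / HTTP/1.0` bytes that `summarize` throws away.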