Full Disclosure mailing list archives
Re: Considering nSight, any opinions?
From: "J.A. Terranson" <measl () mfn org>
Date: Thu, 28 Jul 2005 10:43:09 -0500 (CDT)
On Thu, 28 Jul 2005, Jason Heschel wrote:
Hi list, I tried sending this to a SecurityFocus list but I think everyone's at Blackhat or something. :) We've spent the last few weeks evaluating nSight (www.intrusense.com). It's been very helpful in identifying exactly what, when and who is eatting up all of our internal network bandwdith as well expose some 'strange' internal network behavior which was causing some intermittent problems with our Windows hosts. Anyways, we're now considering making a purchase. I'm curious to hear any opinions, problems or praise people have for this software. Does it scale well? It seems to collect a lot of information. How does it perform after collecting several months worth of data?
While I'm not familiar with this product itself, this sounds like a knockoff of the Arbor product - which I LOVE, but which even the worlds largest NSPs cringe at in terms of price. If you have rudimentary shell scripting skills with just a touch of C, you can easily roll your own using netflow records. Barring that, this class of software provides useful information and I recommend them (by class) as "must have's" to any medium or larger network. HTH, //Alif _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Considering nSight, any opinions? Jason Heschel (Jul 28)
- Re: Considering nSight, any opinions? J.A. Terranson (Jul 28)
- <Possible follow-ups>
- Re: Considering nSight, any opinions? Jason Heschel (Jul 28)
- RE: Considering nSight, any opinions? Darrin Maidlow (Jul 29)