[48392] in North American Network Operators' Group
IDS experiences
daemon@ATHENA.MIT.EDU (Brandon Knicely)
Fri May 31 14:28:54 2002
Reply-To: <bknicely@nyc.rr.com>
From: "Brandon Knicely" <bknicely@nyc.rr.com>
To: "Nanog@Merit. Edu" <nanog@merit.edu>
Date: Fri, 31 May 2002 14:28:56 -0400
IDSs have been around a while, but I recently became interested in their
usefulness. I was wondering if I could get some group feedback on the
following:
1. How many folks have actually deployed either a NID, NNID or HID system?
2. Have they been useful or just generated noise and excess cycles? (1 -
waste of time, 10 - water walker)
3. Any 'real-world' comparative/useful data and/or opinion on different
approaches, i.e. pattern matching, anomaly detection and/or data mining
approaches?
4. Any feedback on Snort, ISS, Cisco or Symantec? Or other newer/different
approaches, i.e. Okena?
5. Other general good information, i.e. issues, gripes, etc.?
I would appreciate any help; feel free to contact me directly or on the list,
and I will summarize.
Thanks,
Brandon