[345] in Intrusion Detection Systems
No subject found in mail header
daemon@ATHENA.MIT.EDU (adamsb@un.org)
Sun Sep 17 15:24:26 1995
Date: Mon, 18 Sep 1995 01:11:27 +1000
From: adamsb@un.org
Apparently-To: ids-outgoing@wyrm.cc.uow.edu.au
> id AA811182507; Fri, 15 Sep 95 09:04:44 EST
Date: Fri, 15 Sep 95 09:04:44 EST
Message-Id: <9508158111.AA811182507@mail-in.un.org>
To: ids@uow.edu.au
Subject: Re: Remote Watch?
Sender: owner-ids@wyrm.cc.uow.edu.au
Precedence: bulk
Reply-To: ids@wyrm.cc.uow.edu.au
My opinion is that a distributed sniffer system would give you a lot
more useful information than Remote Watch. HP, Network General and a
variety of other vendors sell distributed sniffer systems which can
watch all seven (ISO) layers and report back to central consoles.
While these devices are primarily for network management, they can also
be set up to save snapshots of activity to disk when certain events,
such as the intrusion by a nasty, occur. However, somebody, not some
program, has to look at what these devices show.
Hog Farmer,
Tropical Hog Improvement Programme
P.S. If anybody knows of an intrusion detection system that protects
Windows NT servers, I would really like to hear about it.