
RE: IDS and forensics

From: William Sykes <wsykes(at)deepnines.com>
Date: Mon Jan 27 2003 - 10:11:15 EST

I know it is not best practice to try to sell anything on this list, but our product does what you are looking for. The DeepNines FCS Capture has the ability to capture every packet, both ingress and egress. It logs them all to an Oracle database for forensic mining. The FCS Tool allows you to query any packet in the database based on many different criteria (time stamp, MAC header, source IP, dest IP, source port, dest port, action, direction, etc.). This is a brand new feature, so I would like to get some feedback from you all as to what administrators might think would be valuable info / practices for such a tool.

The data capture was originally designed to complement the Sleuth9 Intrusion Prevention System. The Sleuth9 sits inline in front of the router. The FCS was to capture the attacks that Sleuth9 was mitigating, but we found that a lot of people simply wanted to capture all of the data.

There is not a lot of data regarding this FCS mining tool on our site, but I would be glad to entertain any questions or suggestions.

-William

On Fri, 2003-01-24 at 15:21, Tom Arseneault wrote:
> It is very configurable but has a number of drawbacks. First it uses tcpdump

-- 
William Sykes 
Systems Engineer
DeepNines
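
The post above describes the general shape of a full-capture forensic store: every packet's header fields are written to a database and later queried by time stamp, MAC, IP, port, direction or action. The following is an added example (not DeepNines code, and not part of the original post) showing the same idea in miniature with SQLite: a constructed set of packet metadata records, indexed on the fields an analyst typically filters by, and a query helper that binds every value as a parameter and allow-lists column names so that filter input from an operator console can never alter the SQL. The addresses, MACs and timestamps are hypothetical sample values.

```python
import sqlite3

# Columns an analyst may filter on. Anything else is rejected so that column
# names never come from untrusted input; values are always bound, never
# interpolated, which keeps the query console itself free of SQL injection.
FILTERABLE = {"ts", "src_mac", "dst_mac", "src_ip", "dst_ip",
              "src_port", "dst_port", "direction", "action"}

SCHEMA = """
CREATE TABLE packets (
    id        INTEGER PRIMARY KEY,
    ts        TEXT    NOT NULL,   -- ISO-8601 capture time stamp
    src_mac   TEXT, dst_mac  TEXT,
    src_ip    TEXT, dst_ip   TEXT,
    src_port  INTEGER, dst_port INTEGER,
    direction TEXT,              -- 'ingress' or 'egress'
    action    TEXT               -- what the inline device did: 'allow'/'block'
);
CREATE INDEX idx_ts  ON packets(ts);
CREATE INDEX idx_src ON packets(src_ip, src_port);
CREATE INDEX idx_dst ON packets(dst_ip, dst_port);
"""

# Constructed sample records (hypothetical, not from any real capture):
# a web request and reply, then two blocked probes from one outside host.
SAMPLE_PACKETS = [
    ("2003-01-24T15:21:00", "00:11:22:33:44:55", "66:77:88:99:aa:bb",
     "10.0.0.5", "192.0.2.10", 51000, 80, "egress", "allow"),
    ("2003-01-24T15:21:01", "66:77:88:99:aa:bb", "00:11:22:33:44:55",
     "192.0.2.10", "10.0.0.5", 80, 51000, "ingress", "allow"),
    ("2003-01-24T15:22:30", "66:77:88:99:aa:bb", "00:11:22:33:44:55",
     "198.51.100.7", "10.0.0.5", 4444, 135, "ingress", "block"),
    ("2003-01-24T15:22:31", "66:77:88:99:aa:bb", "00:11:22:33:44:55",
     "198.51.100.7", "10.0.0.6", 4444, 135, "ingress", "block"),
]


def build_index(records):
    """Load packet header records into an in-memory SQLite store."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO packets (ts, src_mac, dst_mac, src_ip, dst_ip, "
        "src_port, dst_port, direction, action) VALUES (?,?,?,?,?,?,?,?,?)",
        records,
    )
    conn.commit()
    return conn


def query_packets(conn, since=None, until=None, **criteria):
    """Return packets matching an optional time window and exact-match criteria.

    Column names are checked against FILTERABLE; values are bound parameters.
    """
    clauses, params = [], []
    for col, val in criteria.items():
        if col not in FILTERABLE:
            raise ValueError(f"not a filterable column: {col!r}")
        clauses.append(f"{col} = ?")
        params.append(val)
    if since is not None:
        clauses.append("ts >= ?")
        params.append(since)
    if until is not None:
        clauses.append("ts <= ?")
        params.append(until)
    sql = ("SELECT ts, src_ip, src_port, dst_ip, dst_port, direction, action "
           "FROM packets")
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    sql += " ORDER BY ts, id"
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = build_index(SAMPLE_PACKETS)
    # Everything the inline device blocked from one outside host, in order.
    for row in query_packets(db, src_ip="198.51.100.7", action="block"):
        print(row)
```

The composite indexes on (src_ip, src_port) and (dst_ip, dst_port) are what make "every packet to or from this host on this port" queries cheap once the table holds millions of rows; a time-stamp index covers the "what happened between 15:20 and 15:25" question an incident responder usually asks first. Storing full payloads alongside the headers is a separate retention and access-control decision, since the capture store then holds whatever crossed the wire.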


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com
Received on Thu Jan 30 06:21:55 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:43 EDT

