
Re: IDS and forensics

From: Dragos Ruiu <dr(at)kyx.net>
Date: Thu Jan 30 2003 - 05:10:32 EST

On January 27, 2003 03:11 pm, William Sykes wrote:
> I know it is not best practice to try to sell anything on this list but

<chuckle>

I guess I had better not be sending or receiving more than about a thousand packets per second then if I want to do any "forensic mining" without losing data. :-)

Well, maybe two if I shell out for a really expensive DB machine. :-) :-) :-P

I'm not knocking Oracle, it really is one of the finest SQL databases out there.... but wiring your NIC capture straight to Oracle is a bad idea. That's why people started using IDSes....

cheers,
--dr

-- 
dr(at)kyx.net   pgp: 
http://dragos.com/ kyxpgp
http://cansecwest.com


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com
Received on Sun Feb 2 09:30:03 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:43 EDT
