On January 27, 2003 03:11 pm, William Sykes wrote:
> I know it is not best practice to try to sell anything on this list but
> our product does what you are looking for. The DeepNines FCS Capture
> has the ability to capture every packet both ingress and egress. It logs
> them all to an Oracle database for forensic mining. The FCS Tool allows
> you to query any packet in the database based on many different
> criteria (time stamp, mac header, source ip, dest ip, source port, dest
> port, action, direction etc...). This is a brand new feature so I would
> like to get some feedback from you all as to what administrators might
> think would be valuable info / practices for such a tool.
>

<chuckle> I guess I had better not be sending or receiving more than about a
thousand packets per second then if I want to do any "forensic mining"
without losing data. :-)

Well, maybe two if I shell out for a really expensive DB machine. :-) :-) :-P

I'm not knocking Oracle, it really is one of the finest SQL databases out
there.... but wiring your NIC capture straight to Oracle is a bad idea.
That's why people started using IDSes....

cheers,
--dr

--
drat_private pgp: http://dragos.com/ kyxpgp http://cansecwest.com

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
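The throughput objection in the reply above (a capture path that commits every packet to a database can only keep up with as many packets per second as the database can insert, and everything beyond that is lost) can be made concrete with a small queueing simulation. The following is an added example, not code from the thread or from the DeepNines product: it models a capture thread filling a bounded buffer at a chosen packet rate while a database writer drains it at a chosen insert rate, and reports how many packets were dropped. All rates and buffer sizes are constructed illustrative values, and the per-millisecond tick model is an assumption of this example.

```python
"""Simulate wiring a packet capture straight into a per-packet database insert.

Constructed example: packets arrive at `packet_rate` per second into a bounded
in-memory buffer; a database writer removes at most `insert_rate` packets per
second. Once the buffer is full, newly captured packets are dropped, which is
the data loss the thread warns about.
"""
from collections import deque
from dataclasses import dataclass


@dataclass
class CaptureStats:
    captured: int   # packets seen on the wire
    stored: int     # packets the DB writer actually committed
    dropped: int    # packets lost because the buffer was full
    buffered: int   # packets still waiting in the buffer at the end

    @property
    def loss_ratio(self) -> float:
        """Fraction of captured packets that never reached the database."""
        return self.dropped / self.captured if self.captured else 0.0


def simulate_capture_to_db(packet_rate: int, insert_rate: int,
                           buffer_size: int, seconds: int) -> CaptureStats:
    """Run `seconds` of simulated capture in 1 ms ticks (assumed model).

    Each tick credits the capture side with packet_rate/1000 arrivals and the
    writer side with insert_rate/1000 inserts; fractional credit carries over
    so non-multiples of 1000 are handled. Writer credit is not banked while the
    buffer is empty, because a database cannot perform inserts in advance.
    """
    ticks_per_second = 1000
    buf: deque = deque()
    captured = stored = dropped = 0
    arrival_credit = 0.0
    insert_credit = 0.0

    for _ in range(seconds * ticks_per_second):
        # Capture side: packets arriving this tick.
        arrival_credit += packet_rate / ticks_per_second
        while arrival_credit >= 1.0:
            arrival_credit -= 1.0
            captured += 1
            if len(buf) >= buffer_size:
                dropped += 1          # nowhere to put it: silent data loss
            else:
                buf.append(captured)

        # Writer side: synchronous inserts completed this tick.
        insert_credit += insert_rate / ticks_per_second
        while insert_credit >= 1.0 and buf:
            insert_credit -= 1.0
            buf.popleft()
            stored += 1
        if not buf:
            insert_credit = 0.0       # idle writer cannot save up capacity

    return CaptureStats(captured, stored, dropped, len(buf))


def sustainable_packet_rate(insert_rate: int) -> int:
    """Steady-state ceiling: one packet per insert, so the insert rate itself."""
    return insert_rate


if __name__ == "__main__":
    # Constructed scenario: a busy link at 10k pps against a writer doing 1k inserts/s.
    overloaded = simulate_capture_to_db(packet_rate=10_000, insert_rate=1_000,
                                        buffer_size=10_000, seconds=10)
    print(f"10k pps vs 1k inserts/s: {overloaded}, loss {overloaded.loss_ratio:.1%}")

    # Constructed scenario: traffic below the writer's ceiling loses nothing.
    fine = simulate_capture_to_db(packet_rate=800, insert_rate=1_000,
                                  buffer_size=10_000, seconds=10)
    print(f"800 pps vs 1k inserts/s: {fine}, loss {fine.loss_ratio:.1%}")
```

The buffer only delays the moment loss starts; once the arrival rate exceeds the insert rate, the buffer fills and every packet above the writer's ceiling is dropped for as long as the overload lasts. Running the overloaded scenario shows roughly 80% of packets never reaching the database, which is the failure mode the reply is pointing at and the reason capture engines keep raw packets on disk or reduce them to alerts and summaries before anything touches a relational store.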
This archive was generated by hypermail 2b30 : Sun Feb 02 2003 - 06:30:17 PST