""Lupi, Guy"" wrote in message ... > I am not a security specialist, so please bear with me if this is what every > IDS device does. I am looking for advice/opinions on a device that can > accomplish the following, I was looking at the Cisco 4250 XL IDS sensor. > > Inspect over 400 Mbps of traffic from at least 4,000 IP subnets.

I think I have said the following on this list several times in the past:

There are only two types of packet capture devices (sniffer, IDS, etc):
1) free Unix-based
2) commercial Unix-based

In category 1) you have tcpdump, tcptrace, ethereal, snort

In category 2) you have Niksun NetVCR for layers 2-4 performance, security, etc
and Unispeed Netlogger for layers 5-7 security, cybergeography, data
warehouse, etc

Use NetVCR if you want IP/UDP/TCP stats and use Netlogger for HTTP.

> Identify old worms and viruses, be updated to recognize new ones and
> generate alarms.
>
> Must be configurable so that custom packet combinations and IPs that exceed
> a certain packets per second threshold can be defined and generate alarms.

Use Snort.

-dre

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74451&t=74442