IDS for high bandwidth?

To: debian-isp@lists.debian.org
Subject: IDS for high bandwidth?
From: Christian Hammers <ch@lathspell.de>
Date: Tue, 3 Aug 2004 00:18:03 +0200
Message-id: <[🔎] 20040803001803.18b49a2f@app109.intern>

Hello

Has anybody here ideas or experience in building an Intrusion Detection
System for a big network i.e. at least several hundred MBit/s with focus on
detection of (D)DoS and worm attacks (e.g. sudden activity peaks towards one
system or well known worm patterns from systems)?

Last time I checked "snort", it seems it could only handle some ten MBit/s
even on a good hardware so I wonder if such a thing can be implemented with
a (or a cluster of?) PCs and free software at all.

bye,

-christian-

P.S.: Recommendations for hardware appliances and non-free software are
      welcome, too, of course, but maybe per mail if they are too off-topic.

Reply to:

Prev by Date: File was infected with a virus
Next by Date: LILO & Software RAID1 boot= & raid-boot-extra
Previous by thread: File was infected with a virus
Next by thread: LILO & Software RAID1 boot= & raid-boot-extra
Index(es):
- Date
- Thread