IDS for high bandwidth?
Has anybody here ideas or experience in building an Intrusion Detection
System for a big network i.e. at least several hundred MBit/s with focus on
detection of (D)DoS and worm attacks (e.g. sudden activity peaks towards one
system or well known worm patterns from systems)?
Last time I checked "snort", it seemed it could only handle some ten MBit/s
even on good hardware, so I wonder if such a thing can be implemented with
a PC (or a cluster of PCs?) and free software at all.
P.S.: Recommendations for hardware appliances and non-free software are
welcome, too, of course, but maybe by mail if they are too off-topic.