[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

IDS for high bandwidth?


Has anybody here ideas or experience in building an Intrusion Detection
System for a big network i.e. at least several hundred MBit/s with focus on
detection of (D)DoS and worm attacks (e.g. sudden activity peaks towards one
system or well known worm patterns from systems)?

Last time I checked "snort", it seems it could only handle some ten MBit/s
even on a good hardware so I wonder if such a thing can be implemented with
a (or a cluster of?) PCs and free software at all.



P.S.: Recommendations for hardware appliances and non-free software are
      welcome, too, of course, but maybe per mail if they are too off-topic.

Reply to: