Yes.
This is why OpenBSD is the only choice.
Here is the proof.
http://www.anzen.com/research/research_perform.html
Linux, NT and Solaris pale in comparison.
acs
On 16-Oct-99 Jeff Duffy wrote:
> <snip>
>
>> But! Why not go further and have an active
>> sniffer box even? Which logs specific traffic and lives on another
>> machine than the one monitored? This is more elegant... use the Linux box
>> for the sniffer...
>
> </snip>
>
> A worthy task; basically an IDS w/ host-specific key capturing. As far
> as the sniffer goes, I've had some troubles in the past with Linux
> acting as a full-bore sniffer dropping significant numbers of packets.
> The NFR site (http://www.nfr.com) explains this phenomenon:
>
> "The libpcap library uses another method to extract packets from the
> kernel on Linux.
> The code for this method does not appear to be written with performance
> in mind. Programs such as NFR, which use libpcap to read packets from
> the interface in promiscuous mode, will experience significant packet
> loss on any network that sees traffic of several megabits per second or
> more."
>
> My solution was to use a FreeBSD box for my IDS, though I still prefer
> Linux on my desktop machines.
>
> Just my .02
> --
> Jeff Duffy
> [EMAIL PROTECTED]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
_________________
Aaron C. Springer
pgp key published
_________________