At 10:18 AM 9/6/00 -0700, Aaron Schultz wrote:
>On Wed, 6 Sep 2000, Haugsness, Kyle wrote:
>
> > Aaron,
> >
> > You provide some excellent counter-points regarding NFR. They do rely on a
> > load-balancing solution to get into the 100 Mbps range. But out of the
> box,
> > they are much faster than RealSecure. My concern is that people are
> > dropping packets, but not even realizing it.
>
>Yeah, most of the companies I've spoken with won't even admit that their
>product drops things until you grill them about it.
Axent NetProwler 3.5 includes a packet counter mechanism (not sure how
reliable it is)
The NFR appliance is a very fast packet capture, but one can still overload
the NT Console portion of the product.
> > One thing that I like about NFR is that it's based on a stripped-down
> > OpenBSD kernel. The entire OS loads read-only from CD-ROM.
>
>NFR was definately one of the most promising thanks to their OpenBSD
>kernel and the idea that they actually WATCH and REACT to mailing lists
>like these. In their next version of their product I think they'll even
>support SCSI drives too :) If only I had a small enough network where I
>could use them.
The previous OpenBSD kernel had an issue of being identified via Nmap, and
I think they have resolved this issue since by turning off the system
banner message or responding with a bogus banner to the Nmap probe.. :??
/mark
> > I've also been looking for port-level monitoring from a host-based
> > commercial IDS, but haven't found much.
>
>If only one of them would actually take the time to read what we want and
>add the functionality... -dreaming-
>
>- Aaron Schultz
>- [EMAIL PROTECTED]
>------
> /"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> \ / ASCII Ribbon Campaign
> X - NO HTML/RTF in e-mail
> / \ - NO Word docs in e-mail
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
