On Thu, 28 Jul 2005, Jason Heschel wrote: > Hi list, > > I tried sending this to a SecurityFocus list but I think everyone's at > Blackhat or something. :) > > We've spent the last few weeks evaluating nSight (www.intrusense.com). > It's been very helpful in identifying exactly what, when and who is > eatting up all of our internal network bandwdith as well expose some > 'strange' internal network behavior which was causing some > intermittent problems with our Windows hosts. Anyways, we're now > considering making a purchase. > > I'm curious to hear any opinions, problems or praise people have for > this software. Does it scale well? It seems to collect a lot of > information. How does it perform after collecting several months worth > of data?
While I'm not familiar with this product itself, this sounds like a knockoff of the Arbor product - which I LOVE, but which even the worlds largest NSPs cringe at in terms of price. If you have rudimentary shell scripting skills with just a touch of C, you can easily roll your own using netflow records. Barring that, this class of software provides useful information and I recommend them (by class) as "must have's" to any medium or larger network. HTH, //Alif _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
