Hi Jim, one idea: Sensors are monitoring traffic passive but the send the results to the event collector via your network. More (real or false) incidents cause more network traffic from any sensor.
Regards Kai Freese Projects Networking KPMG IT Service GmbH, Kurf�rstendamm 207-208, D-10719 Berlin T +49 (30) 2068 4349, F +49 (30) 2068 54349 mailto:[EMAIL PROTECTED] www.kpmg.de -----Urspr�ngliche Nachricht----- Von: Mohr James [mailto:[EMAIL PROTECTED] Gesendet: Montag, 17. November 2003 13:52 An: [EMAIL PROTECTED] Betreff: [ISSForum] Confusion about behaviour of Network Sensor Hi All! Please forgive the very newbie questions, but as the subject implies I am confused about the behavior of the Network Sensor. From what I have read, it seems that the network sensor is more or less passive. That is, it simply reads the network packets looking for problems. This is in contrast to the Internet Scanner which **actively** scans the network (i.e. port scans). (From the doc: "The network sensor monitors network packets to detect attacks or other security-related events.", and later "If you scan this network with Internet Scanner,...") One reason I am asking (other than to learn more about the system) is that my boss said that the reason we have not implemented the network sensors is that they cause too much traffic on the network, which contradicts what I understand. So, I guess the big question as to whether or not the Network Sensor causing traffic problems on the network. Any help is greatly appreaciated. Regards, Jim Mohr ELAXY Brokerage & Trading GmbH & Co KG _________________________________ James Mohr Systembetrieb Am Hofbr�uhaus 1 96450 Coburg Germany Fon +49 (0) 95 61.55 43.0 Fax +49 (0) 95 61.55 43.302 E-Mail: [EMAIL PROTECTED] --------------------------------------- "Be more concerned with your character than with your reputation. Your character is what you really are while your reputation is merely what others think you are." -- John Wooden --------------------------------------- Be sure to visit the Linux Tutorial: http://www.linux-tutorial.info _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo -- Die Information in dieser eMail ist vertraulich und kann dem Berufsgeheimnis unterliegen. Sie ist ausschliesslich fuer den Adressaten bestimmt. Jeglicher Zugriff auf diese eMail durch andere Personen als den Adressaten ist untersagt. Sollten Sie nicht der fuer diese eMail bestimmte Adressat sein, ist Ihnen jede Veroeffentlichung, Vervielfaeltigung oder Weitergabe wie auch das Ergreifen oder Unterlassen von Massnahmen im Vertrauen auf erlangte Information untersagt. In dieser eMail enthaltene Meinungen oder Empfehlungen unterliegen den Bedingungen des jeweiligen Mandatsverhaeltnisses mit dem Adressaten. The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
