Hi there,

visit http://www.nss.co.uk/ids/index.htm where 16 IDSs were tested... For such a big environment I would recommend taking a closer look at Enterasys Dragon and Cisco Secure IDS on the commercial side, and of course Snort as the open-source candidate. In another test, by I think it was Network World, these three were the only ones which stayed strong in a big network with high traffic.
Malte.

--
Malte von dem Hagen
Student of IT-Security
University of Bochum

BJ> A free little program is snort. It's free software.
BJ> A+
BJ> Ben

BJ> On Mon, Jan 07, 2002 at 07:45:36PM, Greg wrote:
>>
>> >> I was wondering what everyone is doing for network
>> >> based intrusion detection? I am looking for
>> >> something I can use on a University based system
>> >> with approximately 15000 nodes with various flavors
>> >> of Unix, Linux, Windows, Mac, etc. I do have access
>> >> to the logs of all incoming traffic (Cisco netflow).
>> >> Does anyone have any scripts they use to analyze
>> >> the logs, or know of any products that will do
>> >> this?
>> >>
>> >> Thanks in advance for any help.
>> >>
>> >> Greg
BJ> ---end quoted text---