[Dailydave] lots of monkeys staring at a screen....security?
Blue Boar
BlueBoar at thievco.com
Fri Oct 27 17:45:32 Local tim 2006
Halvar Flake wrote:
>
> I still agree with the concept of replacing an IDS with just a large
> quantity of tapes on which to archive all traffic. IDSs will never alert
> you to an attack-in-progress, and by just dumping everything onto a disk
> somewhere you can at least do a halfways-decent forensics job thereafter.
Wow, how would you process that much traffic? You would need some kind
of software designed to read packet captures and look for particular
patterns, and maybe flag them as potential attacks.
BB