From: ndesai01tampabay.rr.com
Date: Wed Jan 09 2002 - 19:01:53 CST


    In-Reply-To: <9DCB77D01366AA4497DAFA759E1EB580BFAC33WW1WEX01>

    There are two ways that you can go that I know of. If
    you have a limited budget then I would use hogwash.
    This is a modified version of snort that is an inline
    NIDS. The great thing about hogwash is that it is a
    layer two device. It uses the same rules that snort
    uses but has an additional action, drop.
    If you need a commercially supported product,
    BlackICE (now part of ISS) makes a product called
    Guard. This is the same type of device but with a
    price. The main difference in the technologies is that
    snort/hogwash are pattern matching NIDS where
    BlackICE products are protocol analysis products.
    There is good and bad to be said about both. If you
    want to know more about protocol analysis NIDS, look
    up Robert Graham. He worked for Network General
    developing Sniffer and then for NetworkICE. He has
    the protocol analysis stuff down.

    Neil