Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
session logging IDS
From: Raj Malhotra (ral.malgmail.com)
Date: Mon Aug 30 2004 - 06:17:58 CDT
We are evaluating available NIDS products which would work at 100 mbps
and would also do "session logging". By "session logging", we would
want the IDS to log the "entire session" and not just the session
"after" an intrusion is detected.
We saw a couple of IDS which would probably be able to do something like this,
Cisco offers session logging as well as replay.
Intrushield says something like "Highly customized capture of
individual packet, individual session, specific source/destination, or
entire traffic stream upon attack detection" which might be translated
as "logging of the session only after an attack has been detected".
Can anyone tell us more about these or any such IDS that are available
which can log the entire session.
Also, has anyone used any of these and with what degree of success?
You can mail us back off the list if you so wish so.