On Thursday 10 June 2004 2:48 pm, Peter Marshall wrote:
> Thank you very much for the help.
>
> Is IDS a packet sniffer ?
Most IDSs do operate by packet sniffing, yes (although you can run them on a
gateway router if that's what you want to monitor).
IDS means Intrusion Detection System, and such things are used to look out for
known attack patterns or anomalous behaviour on your network.
Many people monitor both the outside and inside of a firewall, so they know:
a) what probes/attacks were attempted (from outside) and got blocked
b) what probes/attacks got through
c) what probes/attacks originated from the inside
d) what strange traffic is happening on the network (eg from viruses / worms /
trojans)
Regards,
Antony.
--
These clients are often infected by viruses or other malware and need to be
fixed. If not, the user at that client needs to be fixed...
- Henrik Nordstrom, on Squid users' mailing list
Please reply to the list;
please don't CC me.
