NIKSUN's NetDetector is highlighted in a recently published book,
entitled Incident Response by Kenneth R. van Wyk and Richard Forno. On page
119, in section 7 which addresses Network Monitors and Protocol Analyzers,
there is a write-up about NetDetector which states:
"One of the more recent, but powerful, entries into the network protocol
analyzer market is NetDetector by Niksun. Like the Sniffer product line,
it is a full-featured network protocol analyzer. Unlike the Sniffer,
though, it specializes in WAN connections and has an extremely capable
session visualization capability. In fact, in the area of session playback
and visualization, NetDetector is pretty much without peer.
NetDetector's session visualization features are truly impressive. They
include the ability to visually reconstruct web browser sessions and the
ability to quickly extract email file attachments from network data
streams. All of these things can be done using customized scripts and programs from
lower-level network analyzers, but NetDetector packages them in a very easy
to use system.
As with other network analysis products from Niksun, NetDetector
supports a wide range of physical network media on both the LAN and WAN
side. The list of supported network media includes 10/100/1000 BaseT
Ethernet, FDDI, T1, T3, and OC3.
Finally, NetDetector provides the ability to alert you (via SNMP) of
detected network activity that indicates likely intrusion activity. In
doing that, it most certainly has some intrusion detection capabilities,
but its intrusion detection features are not its strongest feature. Where
NetDetector really excels is in its network data capture and analysis
features. If you are looking for an uncompromising, monitoring and playback solution, NetDetector should be at the top of your
April 21st, 2002, 03:24 AM
hows about you lick my balls and take your ads somewhere else
April 21st, 2002, 03:26 AM
heh, if I was that desperate to advertise, I'd make it look a little better although placing it in signature is kinda smart.
April 21st, 2002, 03:56 AM
yeah!..what bob said
April 21st, 2002, 05:36 AM
If you want to be taken seriously drop the spam.
Reasons your idea will most likely never be implemented:
1. Costly storage of mostly useless data.
2. Would grind server to a halt.
3. Might need some changes to the TCP/IP protocol.
April 21st, 2002, 07:10 AM
Not to mention having to run through all that worthless data to find suspicious events.
April 21st, 2002, 09:19 AM
Oh geez... what a spammer.
What if I just feed a "target" a few megabytes of suspicious-looking fodder and a couple hundred well-placed, calculated packets? Maybe even sending you legitimate traffic (oodles of FTP or Web at the same exact time, for example). And let's just say that all this traffic happens over a few days or weeks or even months? Record all you want... and I wish you luck finding anything I really want hidden. The only thing the "replay" might buy you, if you're lucky, is finding out how (or when) I got in... but overall it'll take you longer to find by that method than any reasonably senior/knowledgeable admin and a good "sense" about a machine, overall.
And, well, if you have to spam about to sell it to security-minded folk, well, it must suck...