Intrusion Detection and Review

• Would have been nice to use a real IDS

  • Most couldn’t read pcap recordings
  • Wanted to double check my analysis of the logs

• Testing with George Jones

  • Standalone network, packet blaster, IDS agent, IDS management station
  • Blasted 9 months worth of logs out
  • Lit it up like a Christmas tree!

• I didn’t miss much. IDS system did _

Previous slide

Next slide

Back to first slide

View graphic version