On Tue, October 26, 2004 8:11, Ben Halicki said: > Hi Alexander, > > Thanks for your reply. > > I am looking to setup a basic IDS system, where attempts to connect to > certain ports are logged in the usual places. At the moment, I am logging > connections to telnet ports, then I run a script every night to report on > connection attempts. > > Hardware specs shouldn't be a problem, server has only just been purchased > and runs dual xeon cpus, scsi drives etc. I guess by your suggestions, > the only time performance might be an issue, is during an attack (portscan > etc), which would probably hinder performance anyway. I'm logging rejected packets (only. Ie no accepted pckgs) on a P3 1G, ATA and don't see significant performance drops on typical outbreaks. HaJo -- HaJo Schatz <hajo@xxxxxxxx> http://www.HaJo.Net PGP-Key: http://www.hajo.net/hajonet/keys/pgpkey_hajo.txt
