Abstract: Open Source IDS Acceleration by Flow Reduction

Paul Tatarsky, UCSC

We report on our experiences in adopting a hardware packet capture solution to improve the ability to capture (and discard) packets on both our existing IDS platform and new IDS solutions to protect our lively environment.

The University of California at Santa Cruz School of Engineering is growing, and traffic rates are overwhelming the existing PC-based IDS. Gigabit ports are cropping up all over the department, and major traffic flows go to and from I2. We'll discuss our investigation into next-generation capture cards and our desire to continue to use Snort (www.snort.org), together with the discovery and use of some new, interesting technology.

About the Presenter
Paul Tatarsky <paul@tatarsky.com> is a UNIX sysadmin and security consultant in the Midwest who has spent most of his 15 working years monitoring IDS systems at UCSC on the west coast. He also runs several compute clusters for the Human Genome Project at UCSC and tries to come up with better ways to protect his systems from attack and improve the way he monitors for such attacks.
