If you run a packet audit server or an IDS that does full packet captures, I recommend you read this article by Doug Burks from the Security Onion blog about disabling NIC offload features, found here.
If you don't do this, you may find that you really need the full packet data and don't have it. Doug is a GSE, the lead author of the Security Onion distro and an all-around helpful guy. Good stuff.