Challenges to Logging

• Attack path reconstruction is difficult

  • Packet may be transformed as it moves through the network

• Full packet storage is problematic

  • Memory requirements are prohibitive at high line speeds (OC-192 is ~10Mpkt/sec)

• Extensive packet logs are a privacy risk

  • Traffic repositories may aid eavesdroppers

Previous slide

Next slide

Back to first slide

View graphic version