Thomas,
Can you advise us an IDS that doesn't suck?
I just use Linux at home so I'll probably keep using many things that suck,
at least to try to learn how they suck, but others may need to know
other IDS apps, for corporate use.
http://website.lineone.net/~offthecuff/HIDS.htm
(http://www.networkintrusion.co.uk)
btw ... also a lot of commercial stuff sucks, in this case vulnerability
scanners: http://www.nwc.com/1201/1201f1b1.html
[ ]'s bacano
----- Original Message -----
From: "Thomas Biege"
On Fri, 5 Jan 2001, Sebastian Krahmer wrote:
> On Thu, 4 Jan 2001, bacano wrote:
> > Pakemon http://www.inas.mag.keio.ac.jp/ids/pakemon/index.html
> > Abacus Project http://www.psionic.com/abacus/
> > eye on exec http://www.cs.uni-potsdam.de/homepages/students/linuxer/ok.html
>
> Eh, wow, ... I forgot. Yes, that's a good idea, coz it's from me :>
> Next holiday I hopefully find time to port it to some other BSD's.
> Also extension of the weak-path concept would be cool. I'd appreciate
> help of experienced programmers who could write detection-scripts on
> top of this driver.

check out CLIPS (http://www.ghgcorp.com/clips/CLIPS.html) *g* and not to forget Emerald's P-BEST expert system. SRI assembled a good knowledge base, but Emerald isn't opensource and it's limited to Solaris.

nevertheless, a hostbased IDS contains more parts than just a syscall logger. syscall logging is a good source of information, but w/o databases, analysis agents and countermeasure agents, good scalability etc. it's useless in a production environment. A serious IDS is very complex. So, as I stated before: All non-commercial IDS I know _suck_!

Bye,
 Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
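Thomas's point that a syscall logger only becomes an IDS once an event store, an analysis agent and a countermeasure agent sit behind it can be shown with a small pipeline. The following is an added example written for this thread; it is not code from any of the projects mentioned (Pakemon, Abacus, eye on exec, CLIPS or Emerald). The log format (`pid syscall arg`), the sample lines, the rule names and the severity mapping are all constructed assumptions. The interesting part is that the same raw record, an execve of a file under /tmp, is graded differently depending on the process history the store remembers, which a stateless logger cannot do.

```python
"""Toy host-based IDS pipeline: syscall log -> event store -> analysis agent
-> countermeasure agent.  Example code for illustration; all inputs are
constructed, and the log format is an assumption, not any real logger's."""
from collections import defaultdict

# Constructed sample syscall log, one record per line: "pid syscall arg".
SAMPLE_LOG = """\
1001 accept 0.0.0.0:80
1001 execve /usr/bin/id
1001 execve /tmp/helper
2002 execve /usr/sbin/cron
2002 setuid 1000
2002 execve /tmp/run.sh
3003 execve /tmp/build.sh
"""

# Directories from which an execve is treated as noteworthy (assumption).
UNTRUSTED_PREFIXES = ("/tmp/", "/var/tmp/")


def parse_log(text):
    """Syscall logger output -> list of event dicts.  Blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, name, arg = line.split(None, 2)
        events.append({"pid": int(pid), "syscall": name, "arg": arg})
    return events


class EventStore:
    """Stands in for the database: keeps per-process history so the analysis
    agent can correlate a new record with what the process did before."""

    def __init__(self):
        self.by_pid = defaultdict(list)

    def add(self, ev):
        self.by_pid[ev["pid"]].append(ev)

    def history(self, pid):
        return self.by_pid[pid]


def untrusted_path(path):
    return path.startswith(UNTRUSTED_PREFIXES)


def analyze(store, ev):
    """Analysis agent: returns (rule, pid, path) findings for one new event,
    using the process's earlier records from the store.  Assumes the event
    has already been added to the store."""
    findings = []
    if ev["syscall"] != "execve" or not untrusted_path(ev["arg"]):
        return findings
    earlier = [h["syscall"] for h in store.history(ev["pid"])[:-1]]
    if "accept" in earlier:
        # A process that served a network connection and then executes a file
        # from a world-writable directory is graded higher than the same
        # execve from a plain local process.
        findings.append(("exec_from_tmp_after_accept", ev["pid"], ev["arg"]))
    else:
        findings.append(("exec_from_tmp", ev["pid"], ev["arg"]))
    return findings


# Countermeasure agent: maps a rule to a response (constructed policy).
RESPONSE = {
    "exec_from_tmp_after_accept": "alert",
    "exec_from_tmp": "log",
}


def countermeasure(finding):
    return RESPONSE.get(finding[0], "log")


def run_pipeline(text):
    """Feed every record through store, analysis agent and countermeasure agent;
    returns a list of (finding, response) pairs in log order."""
    store = EventStore()
    actions = []
    for ev in parse_log(text):
        store.add(ev)
        for finding in analyze(store, ev):
            actions.append((finding, countermeasure(finding)))
    return actions


if __name__ == "__main__":
    for finding, response in run_pipeline(SAMPLE_LOG):
        print(response, finding)
```

Running it on the constructed log yields one alert (pid 1001, which accepted a connection before executing /tmp/helper) and two plain log entries for pids 2002 and 3003, whose execve records look identical at the syscall level. Real deployments would replace the dict-backed store with a database and the `RESPONSE` table with a policy engine, which is exactly the complexity Thomas is pointing at.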