Mailinglist Archive: opensuse-security (564 mails)

Re: [suse-security] Intrusion detection?
Thomas,
Can you advise us on an IDS that doesn't suck?
I just use Linux at home, so I'll probably keep using many things that suck,
at least to try to learn how they suck, but others may need to know about
other IDS apps for corporate use.
http://website.lineone.net/~offthecuff/HIDS.htm
(http://www.networkintrusion.co.uk)

btw ... also a lot of commercial stuff sucks, in this case vulnerability
scanners: http://www.nwc.com/1201/1201f1b1.html

[ ]'s bacano

----- Original Message -----
From: "Thomas Biege" <thomas@xxxxxxx>
To: "Sebastian Krahmer" <krahmer@xxxxxxx>
Cc: "bacano" <bacano@xxxxxxxxxxxx>; <suse-security@xxxxxxxx>
Sent: Friday, January 05, 2001 5:24 PM
Subject: Re: [suse-security] Intrusion detection?


> On Fri, 5 Jan 2001, Sebastian Krahmer wrote:
>
> > On Thu, 4 Jan 2001, bacano wrote:
> >
> > > Pakemon http://www.inas.mag.keio.ac.jp/ids/pakemon/index.html
> > > Abacus Project http://www.psionic.com/abacus/
> > > eye on exec http://www.cs.uni-potsdam.de/homepages/students/linuxer/ok.html
> > Eh, wow, ... I forgot.
> > Yes, that's a good idea, coz it's from me :>
> > Next holiday I hopefully find time to port it to some other
> > BSDs. Also an extension of the weak-path concept would be cool.
> > I'd appreciate help from experienced programmers who could
> > write detection scripts on top of this driver.
>
> check out CLIPS (http://www.ghgcorp.com/clips/CLIPS.html) *g*
> and not to forget Emerald's P-BEST expert system. SRI assembled
> a good knowledge base, but Emerald isn't opensource and it's
> limited to Solaris.
>
> nevertheless, a host-based IDS contains more parts than just
> a syscall logger. syscall logging is a good source of
> information, but w/o databases, analysis agents and
> countermeasure agents, good scalability etc. it's useless in a
> production environment.
> A serious IDS is very complex. So, as I stated before:
> All non-commercial IDS I know _suck_!
>
> Bye,
> Thomas
> --
> Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
> E@mail: thomas@xxxxxxx Function: Security Support & Auditing
> "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
> Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47

