On Fri, 5 Jan 2001, Sebastian Krahmer wrote:

> On Thu, 4 Jan 2001, bacano wrote:
>
> > Pakemon http://www.inas.mag.keio.ac.jp/ids/pakemon/index.html
> > Abacus Project http://www.psionic.com/abacus/
> > eye on exec http://www.cs.uni-potsdam.de/homepages/students/linuxer/ok.html
>
> Eh, wow, ... I forgot. Yes, that's a good idea, coz it's from me :>
> Next holiday I hopefully find time to port it to some other BSDs.
> Also extension of the weak-path concept would be cool. I'd appreciate
> help of experienced programmers who could write a detection script on
> top of this driver.

check out CLIPS (http://www.ghgcorp.com/clips/CLIPS.html) *g* and not to forget Emerald's P-BEST expert system. SRI assembled a good knowledge base, but Emerald isn't open source and it's limited to Solaris.

Nevertheless, a host-based IDS contains more parts than just a syscall logger. Syscall logging is a good source of information, but w/o databases, analysis agents and countermeasure agents, good scalability etc. it's useless in a production environment. A serious IDS is very complex.

So, as I stated before: All non-commercial IDS I know _suck_!

Bye,
Thomas

--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@suse.de
Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47