Firewall Wizards mailing list archives

Re: Recording slow scans


From: Adam Shostack <adam () homeport org>
Date: Wed, 14 Oct 1998 10:27:39 -0400


There's Bro and Shadow for Network sniffer misuse and anomaly
detection (depending on how you program them.)  There's AAFID, which
now has network agents.  (COAST's distributed agent based system).
There's tripwire and l5 for host change detection.  There's swatch for
log monitoring.  There's a lot of open source stuff.

I think the problem is more a lack of basic thinking on the lines of
'The Design of an Internet Firewall' that helps clarify people's
thoughts on what to build; people are still designing cool new stuff,
and some of them are selling it, others are giving it away.


Adam



On Wed, Oct 14, 1998 at 02:55:04AM +0000, Crispin Cowan wrote:

| I don't see a whole lot of open-source IDS-ware floating around.  On the
| other hand, there is a lot of commercial, closed-source IDS products out
| there.  If there was an IDS toolkit, then open source coders could write
| clever new instruments, fine tune stuff, debug stuff, contribute
| enhancements back into the community ... you know, that cool stuff that
| open-source people tend to do if you let them.
-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume



