IDS mailing list archives
Re: host-based ips ?
From: Mike Frantzen <frantzen () nfr com>
Date: Fri, 18 Apr 2003 11:15:45 -0400
> There are some NIPS (network-based IPS), but I have never ever heard about host-based IPS. Does anybody know about this?
Niels' systrace, originally from OpenBSD and NetBSD, fits the bill. I've heard that it has been ported to FreeBSD and Linux as well. It does take a bit more technical know-how to set up right, though.

There is also Crispin's Stackguard, my StackGhost, and Etoh's Propolice for general stack protection. Format string attack protection would come from Crispin's and my Formatguard. There are a bunch of vendors shipping various non-exec solutions; I like Dale Rahn's OpenBSD W^X protection but then again, I'm biased ;-)

General solutions are often easier on a host than the traditional "detect and stop known attack" of the Network IPS world.

.mike
frantzen@(nfr.com | cvs.openbsd.org | w4g.org)