IDS mailing list archives
Re: IDS Query?
From: Krzysztof Zaraska <kzaraska () student uci agh edu pl>
Date: Thu, 2 Oct 2003 20:42:03 +0200 (CEST)
On Tue, 30 Sep 2003, Gaurav wrote:
> Hi all, Can anyone please let me know that if I want to deploy an IDS based on (Network Based which detects on packet basis), which IDS is better, freely available.
Snort -> http://www.snort.org/
Prelude -> http://www.prelude-ids.org/
Firestorm NIDS -> http://www.scaramanga.co.uk/firestorm/
> Also, if I want to develop a small Distributed IDS as a study project, what features or architecture should I follow?
[Advocating my product] Prelude has been doing this for quite some time, so you could have a look. There is also plenty of architectural documentation available, e.g.
http://www.prelude-ids.org/article.php3?id_article=48

Snortnet attempted to do that with Snort:
http://snortnet.scorpions.net/

AirCERT also seems to fit here:
http://aircert.sourceforge.net/

Best regards,
Krzysztof

// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// http://mops.uci.agh.edu.pl/~kzaraska/ * http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
// -- Stanislaw Lem