Re: fusion of results from heterogeneous sensors

[Jean-Philippe Luiggi <jp.luiggi () free fr>]

Hello,

Considering the "anomaly based" IDS, i'm not sure a tool likes this exists 
in open source.

Another tool you may check beside of "snort" is "bro" (http://bro-ids.org).
Using the bro's language you can script your own policies and then
with some tweaks,  do and/or check what you want.

Best regards.

On Sat, May 20, 2006 at 09:37:54AM +0530, Raj Malhotra wrote:
> Hi All
>
> I am trying to set up a test network comprising of heterogeneous
> intrusion detectors. The idea is to use the diverse capabilities of
> these detectors to arrive at a decision as to whether an intrusion
> took place or not.  I intend to use a signature based ids (snort in
> this case), an anomaly based network ids ( i don't know what to use
> here), something which is very efficient in detecting scans (port
> scans, OS fingerprint attempts) etc.
>
> I would be thankful if folks can suggest freeware which can be used
> for the above mentioned purpose
>
> thanks in advance
>
> ral


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------