IDS mailing list archives
Re: fusion of results from heterogeneous sensors
From: Jean-Philippe Luiggi <jp.luiggi () free fr>
Date: Mon, 05 Jun 2006 09:30:52 -0400
Hello, Considering the "anomaly based" IDS, i'm not sure a tool likes this exists in open source. Another tool you may check beside of "snort" is "bro" (http://bro-ids.org). Using the bro's language you can script your own policies and then with some tweaks, do and/or check what you want. Best regards. On Sat, May 20, 2006 at 09:37:54AM +0530, Raj Malhotra wrote:
Hi All I am trying to set up a test network comprising of heterogeneous intrusion detectors. The idea is to use the diverse capabilities of these detectors to arrive at a decision as to whether an intrusion took place or not. I intend to use a signature based ids (snort in this case), an anomaly based network ids ( i don't know what to use here), something which is very efficient in detecting scans (port scans, OS fingerprint attempts) etc. I would be thankful if folks can suggest freeware which can be used for the above mentioned purpose thanks in advance ral
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Re: fusion of results from heterogeneous sensors Jean-Philippe Luiggi (Jun 05)