IDS mailing list archives

Re: New Azwalaro project, is a French Open Source Nids project


From: Stefano Zanero <s.zanero () securenetwork it>
Date: Tue, 12 Sep 2006 15:04:27 +0200

rmkml wrote:

This project is under development (pre alpha version) because not find
on another nids open source product easy to extend,

Well, this is a pity, because working on Snort or Bro or Prelude would
have benefited the community a lot more than starting YARBIDS (Yet
Another Rule Based IDS)...

and work with very good ethereal/wireshark dissector library !

Hint: I may be wrong, but that library is painfully slow for real-time
IDS purposes on real world networks.

Maybe Martin Roesch or another Snort/Sourcefire guy can correct me on
this...

  - fix uri content

What do you mean? If it's the example on your page, I'm sorry to say
that contextual rules for protocols are already in Snort and in almost
any good commercial product...

 - work with ssl session

You cannot, unless you disclose private keys to your IDS box. That's Not
Recommended (TM), but there are a lot of ways to do that.

 - search on mime attachment

Any IDS worth its cost can do that.

  - reduce false alert

That's the holy grail, you're welcome to join us in its search :)

Stefano
