IDS mailing list archives
Re: New Azwalaro project, is a French Open Source Nids project
From: rmkml <rmkml () free fr>
Date: Tue, 12 Sep 2006 20:54:23 +0200 (CEST)
Hi Stefano, thx for the comment on this new nids project! See below.
> > This project is under development (pre-alpha version) because I did not find another open source nids product that is easy to extend,
> Well, this is a pity, because working on Snort or Bro or Prelude would have benefited the community a lot more than starting YARBIDS (Yet Another Rule Based IDS)...
I use snort, bro, prelude (down) and firestorm daily, and all have advantages/inconveniences (and bro is not only a yarbids)
> > and work with the very good ethereal/wireshark dissector library!
> Hint: I may be wrong, but that library is painfully slow for real-time IDS purposes on real world networks. Maybe Martin Roesch or another Snort/Sourcefire guy can correct me on this...
Yes, the ethereal/wireshark dissector is not very very fast (compared to snort), but this feature is one point of this project (look at the home page, sorry, it is currently in French), and ethereal/wireshark has very good reassembly/frag/dissectors for many many many protocols!
> > - fix uri content
> What do you mean? If it's the example on your page, I'm sorry to say that contextual rules for protocols are already in Snort and in almost any good commercial product...
Look at the /azwalaro/parser.html page and the pcap example ...
> > - work with ssl session
> You cannot, unless you disclose private keys to your IDS box. That's Not Recommended (TM), but there's a lot of ways to do that
another nids project rejected ssl session, Azwalaro go ...
> > - search on mime attachment
> Any IDS worth its cost can do that.
oops, open source project NOT extract mime att and find on ... is very hard but interesting feature on Azwalaro project
> > - reduce false alert
> That's the holy grail, you're welcome to join us in its search :)
Look at the parser.html page ...
Happy to detect with Open Source Project!
Rmkml
Azwalaro () Crusoe-Researches com