IDS mailing list archives
Re: couple IDS development questions
From: Stefano Zanero <zanero () elet polimi it>
Date: Tue, 16 Oct 2007 21:01:59 +0200
whilter () o2 pl wrote:
> 1) Which language? C/C++ with its already implemented projects (Snort, ModSecurity), Java with its multiplatform option?
Network IDS? C is the only viable option. And...
> 2) Should I just take a project and try to build a new one on top of it? Snort f.e.? Has anybody done that before? Any suggestions?
Contribute to Snort.
> 3) How is network IDS analyzing network activity when almost every package nowadays is encrypted?
It's not true that everything is encrypted.
> 4) I'm thinking about encrypting IDS messages/alerts-packages as well? What cipher should I use?
Using OpenSSL seems a reasonable approach if you need to.
Stefano
Current thread:
- couple IDS development questions whilter (Oct 16)
- Re: couple IDS development questions Stefano Zanero (Oct 18)
- Re: couple IDS development questions Sebastien Tricaud (Oct 18)
- Re: couple IDS development questions Jamie Riden (Oct 18)
- Re: couple IDS development questions Control Zed (Oct 19)