IDS mailing list archives

Re: couple IDS development questions


From: Stefano Zanero <zanero () elet polimi it>
Date: Tue, 16 Oct 2007 21:01:59 +0200

whilter () o2 pl wrote:

1) Which language?? C/C++ with its already implemented projects (Snort, ModSecurity), Java with its multiplatform option?

Network IDS? C is the only viable option. And...

2) Should I just take a project and try to build a new one on top of it? Snort, for example? Has anybody done that before? Any suggestions?

Contribute to Snort.

3) How is network IDS analyzing network activity when almost every package nowadays is encrypted?

It's not true that everything is encrypted.

4) I'm thinking about encrypting IDS messages/alerts-packages as well? What cipher should I use?

Using OpenSSL seems a reasonable approach if you need to.

Stefano
