Security Basics mailing list archives

Re: Inline IDS


From: DHEERAJ RAI <smiledheeraj2006 () gmail com>
Date: Wed, 25 Feb 2009 17:08:43 +0530

Hi, I'm working on a project which includes the development of a
comprehensive intrusion detection system including both HIDS & NIDS. I
was hoping someone could suggest anything possible regarding its
implementation in C#. My NIDS comprises network monitoring and
spyware detection. The HIDS comprises scanning log files for
anomalous activities. I'm using the K-Means clustering algorithm for
mining the system and network data. Please send me your suggestions as
soon as possible.
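The K-Means approach mentioned above, as an added illustration that is not part of either poster's message or project: the post targets C#, but the algorithm is shown here in plain Python so it can be run and ported. Each record is a constructed per-host summary of log data (connections per minute, failed logins per minute, distinct destination ports); the host names, feature choice and thresholds are assumptions for the example. Features are z-scored before clustering, and a host is reported if it sits far from its cluster centroid or if it has captured a tiny cluster of its own, which is the usual way an outlier evades a pure distance test.

```python
"""K-Means anomaly scoring over constructed host-activity records (added example)."""
import math
import statistics

# Constructed sample data, not real logs:
# (host, connections/min, failed logins/min, distinct destination ports)
SAMPLE_RECORDS = [
    ("ws01", 12, 0, 3), ("ws02", 15, 1, 4), ("ws03", 10, 0, 2),
    ("ws04", 14, 0, 3), ("ws05", 11, 1, 3), ("ws06", 13, 0, 4),
    ("srv01", 80, 2, 6), ("srv02", 75, 1, 5), ("srv03", 85, 3, 7),
    ("srv04", 78, 2, 6),
    ("ws07", 14, 40, 3),    # burst of failed logins on one host
    ("ws08", 13, 0, 250),   # one host touching hundreds of ports
]


def standardize(vectors):
    """Z-score every feature so a feature with a large raw range (port counts)
    cannot dominate the Euclidean distance on its own."""
    dims = len(vectors[0])
    means = [statistics.fmean(v[d] for v in vectors) for d in range(dims)]
    stds = [statistics.pstdev(v[d] for v in vectors) or 1.0 for d in range(dims)]
    return [tuple((v[d] - means[d]) / stds[d] for d in range(dims)) for v in vectors]


def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, max_iter=100):
    """Lloyd's algorithm with deterministic farthest-first seeding.
    Returns (centroids, labels); labels[i] is the cluster index of points[i]."""
    centroids = [points[0]]
    while len(centroids) < k:
        # Next seed: the point farthest from its nearest existing centroid.
        centroids.append(max(points, key=lambda p: min(distance(p, c) for c in centroids)))
    labels = None
    for _ in range(max_iter):
        new_labels = [min(range(k), key=lambda j: distance(p, centroids[j])) for p in points]
        if new_labels == labels:
            break  # assignments stable: converged
        labels = new_labels
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:
                centroids[j] = tuple(statistics.fmean(coord) for coord in zip(*members))
    return centroids, labels


def find_anomalies(records, k=2, z=2.0, min_cluster_size=2):
    """Return the sorted host names flagged as anomalous.
    Rule 1: distance to own centroid exceeds mean + z * stdev of all distances.
    Rule 2: the host's cluster has fewer than min_cluster_size members; an
    outlier that became its own centroid has distance 0 and would otherwise pass."""
    hosts = [r[0] for r in records]
    points = standardize([r[1:] for r in records])
    centroids, labels = kmeans(points, k)
    dists = [distance(p, centroids[lab]) for p, lab in zip(points, labels)]
    threshold = statistics.fmean(dists) + z * statistics.pstdev(dists)
    sizes = [labels.count(j) for j in range(k)]
    flagged = [h for h, d, lab in zip(hosts, dists, labels)
               if d > threshold or sizes[lab] < min_cluster_size]
    return sorted(flagged)


if __name__ == "__main__":
    for host in find_anomalies(SAMPLE_RECORDS):
        print("anomalous host:", host)
```

With k=2 the bulk of workstations and servers fall into one cluster; of the two constructed outliers, one is seeded as its own centroid (caught by the small-cluster rule) and the other is caught by its distance from the main centroid. The z and min_cluster_size parameters are the tuning knobs a practitioner would calibrate against a baseline period of known-good data.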

On 2/23/09, Daniel Hood <dsmhood () gmail com> wrote:
It seems I have decided on building an inline IDS. One of the ones
with an Ethernet tap. I just had two questions.

When people normally build Ethernet taps (with all the soldering and
such), what do they normally use? Is there a certain brand/model of
hub, or do they buy a 4-port patch panel? By Ethernet tap I mean one
of those things that looks like a 4-port patch panel, that's wired so
that the IDS can pick up traffic passively and without impeding
performance or creating a single point of failure.

Also, I'm going to be most likely using either FreeBSD + Snort + BASE
or Debian + Snort + BASE. Do I just need hogwash and/or snort_inline
as well, or some other setups/config changes? Are there any changes to
the Ethernet adapters' setup (or just leave them with no IP addresses
but up)?


Thanks guys,
Daniel
