IDS mailing list archives
Project Announce : Crusoe CIDS (Started at the beginning 2003)
From: crusoe ids <crusoecids () yahoo fr>
Date: Sun, 16 Nov 2003 17:26:48 +0100 (CET)
Crusoe CIDS is a network intrusion detection project. This project started from a need that I had at the time of the exploitation of tools.

This project must allow:
- to simplify regular work
- to create, analyse and use new models of detection of network intrusion

What the project does not do:
- no modification of fw rules
- no blocking of the network traffic (IPS)
- no h-ids

The ideas / projects which led to the creation of Crusoe CIDS:
- the sniffer / analyzer SHADOW CIDER
- tcpdump
- snort
- syslog_ng / logsurfer / swatch

Platform available:
- FreeBSD v4.[8-9] secured

Current defects of the project:
- Performance storage/treatment
- slow evolution of the project

Tools used:
- snort / prelude / firestorm
- tcpdump / tethereal / argus / tcptrace
- mysql / rrd
- apache / perl / openssl
- p0f / ettercap
- net-snmp
- honeyd

Tools to develop within the framework of the Crusoe CIDS:
- CrusoeDump
- LogScan
- ScanDetect
- Dispatcher
- Agent
- modify / adapt the whole of the already existing tools

Goal of this project:
- to record all the network traffic (IPv4)
- to receive information / alarms of the nIDS (and, in the long term, to support the already existing nIDS)
- verify information compared to the traffic recorded
- forensic all information
- update the detection of intrusion while:
  - network stats (ntop)
  - existing information of the fw/honeypots/routers/switches
- support at output data to http://www.incidents.org
- support at input data from CVE

This project is not meant to develop existing tools; on the contrary, the goal is to use the existing information/tools and to treat current alarms in an automatic manner, to allow seeking new attacks quickly.

It is not yet decided what will be free or not.

Regards.
crusoecids () yahoo fr
http://crusoecids.dyndns.org
Current thread:
- Project Announce : Crusoe CIDS (Started at the beginning 2003) crusoe ids (Nov 17)