IDS mailing list archives

Re: Are there any other open sources IDS that not based on snort?


From: Olaf Gellert <og () pre-secure de>
Date: Mon, 23 Feb 2004 18:17:14 +0100

Chatprechakul Mr N wrote:
> Hi all,
>      I am doing research on network security, concentrating on correlation
> of data from security products already in the network. I am trying to set up
> a testbed network and run a few IDSes on it. However, when I try to
> find open source IDSes to run, I would like the different IDSes to be different
> enough that they provide diversity in the network. But from what I have been
> able to find, most of the open source is based on snort (forgive me if I am
> wrong).
>      So my question is whether anyone knows of other IDSes, either host-based or
> network-based, apart from snort? I have tried some websites that have lists of IDS
> research; most of them do not exist as a product anymore (if they ever
> existed).

Have a look at http://www.prelude-ids.org/
Prelude is an IDS framework that provides secure
communication between sensors and IDMEF logging.
Host-based and network-based sensors exist;
the network-based sensor uses snort rules as
signatures (but is not based on snort sources),
the host-based ones scan syslogs and use libsafe,
and even honeyd can be patched to be a prelude sensor.

There is some framework for snort called aircert
(but it is based only on snort, I think):

http://aircert.sourceforge.net/

There is "M-ICE", which is a framework too (until
now it uses host-based sensors on Linux hosts,
but it is extensible).

http://m-ice.sourceforge.net/

For a very complete list of IDS have a look at:

http://www-rnks.informatik.tu-cottbus.de/en/security/ids.html

Cheers, Olaf



--
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Consultant,                              Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og () pre-secure de

