IDS mailing list archives
Re: Are there any other open sources IDS that not based on snort?
From: Olaf Gellert <og () pre-secure de>
Date: Mon, 23 Feb 2004 18:17:14 +0100
Chatprechakul Mr N wrote:
Hi all, I am doing research on network security concentrating on correlation of data from security products already in the network. I try to set up the testbed network and run a few IDSes on this network. However, when I try to find opensource IDS to run I would like different IDS to be different enough so that they provide diversity in the network. But from what I am trying to find most of the opensource is based on snort (forgive me if I am wrong). So my question is if anyone knows other IDS either host based or network based apart from snort? I have tried some websites that have lists of IDS research, most of them do not exist as a product anymore (if they ever existed).
Have a look at http://www.prelude-ids.org/

Prelude is an IDS-framework, that provides secure communication between sensors and IDMEF-logging. Host-based and network-based sensors exist, the network-based sensor uses snort-rules as signatures (but is not based on snort sources), the host-based are scanning syslogs, using libsafe and even honeyd can be patched to be a prelude-sensor.

There is some framework for snort called aircert (but it is based only on snort, I think): http://aircert.sourceforge.net/

There is "M-ICE", which is a framework too (until now it uses host-based sensors on Linux-hosts, but it is extendible). http://m-ice.sourceforge.net/

For a very complete list of IDS have a look at: http://www-rnks.informatik.tu-cottbus.de/en/security/ids.html

Cheers, Olaf

--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Consultant, Consulting GmbH
Phone: (+49) 0700 / PRESECURE og () pre-secure de