IDS mailing list archives
Re: Are there any other open sources IDS that not based on snort?
From: Alberto Gonzalez <albertg () cerveau us>
Date: Mon, 23 Feb 2004 12:05:28 -0500
Prelude [0] is not based on the snort architecture, but _can_ use snort as a sensor. Snippet from the Prelude website:

-----
"Prelude is an innovative Hybrid Intrusion Detection system designed to be very modular, distributed, rock solid and fast. Prelude takes benefits from the combination of traces of malicious activity from different sensors (snort, honeyd, nessus vulnerability scan, hogwash, samhain, systems logs, and others) in order to better qualify the attack and in the end to perform automatic correlation between the various traces. Prelude is committed to provide an IDS that offer the ability to unify the currently available tools into one, powerful, distributed application."
-----

You might want to also look into the Hogwash [1] Project. As of Devel 0.5 it doesn't use the snort architecture anymore. Although the general direction of hogwash is as an inline packet scrubber used to identify and drop malicious packets.

Hope this helps!

Cheers,
Albert Gonzalez

[0] - http://www.prelude-ids.org
[1] - http://hogwash.sourceforge.net

--
"Success comes to the person who does today, what you are thinking of doing tomorrow."

On Mon, 2004-02-23 at 06:42, Chatprechakul Mr N wrote:
> Hi all,
>
> I am doing research on network security concentrating on correlation of data from security products already in the network. I am trying to set up the testbed network and run a few IDSes on this network. However, when I try to find open source IDSes to run, I would like the different IDSes to be different enough that they provide diversity in the network. But from what I can find, most of the open source ones are based on snort (forgive me if I am wrong). So my question is whether anyone knows of other IDSes, either host based or network based, apart from snort? I have tried some websites that have lists of IDS research; most of them do not exist as a product anymore (if they ever existed).
>
> Regards,
> Nattapon Chatprechakul
> Depart of Information System
> RMCS, Cranfield University
> Shrivenham, Swindon SN6 8LA, UK