IDS mailing list archives

Re: Are there any other open sources IDS that not based on snort?


From: Alberto Gonzalez <albertg () cerveau us>
Date: Mon, 23 Feb 2004 12:05:28 -0500

Prelude [0] is not based on the snort architecture, but _can_ use snort
as a sensor. Snippet from the Prelude website:

-----

"Prelude is an innovative Hybrid Intrusion Detection system designed to
be very modular, distributed, rock solid and fast.

Prelude takes benefits from the combination of traces of malicious
activity from different sensors (snort, honeyd, nessus vulnerability
scan, hogwash, samhain, systems logs, and others) in order to better
qualify the attack and in the end to perform automatic correlation
between the various traces.

Prelude is committed to provide an IDS that offers the ability to unify
the currently available tools into one, powerful, distributed
application."

-----

You might also want to look into the Hogwash [1] Project. As of Devel
0.5 it doesn't use the snort architecture anymore, although the general
direction of hogwash is as an inline packet scrubber used to identify
and drop malicious packets. Hope this helps!

Cheers,
Albert Gonzalez 

[0] - http://www.prelude-ids.org 
[1] - http://hogwash.sourceforge.net 

-- 
"Success comes to the person who does today, what you are thinking of
doing tomorrow."


On Mon, 2004-02-23 at 06:42, Chatprechakul Mr N wrote:
Hi all,
     I am doing research on network security concentrating on correlation
of data from security products already in the network. I am trying to set up the
testbed network and run a few IDSes on this network. However, when I try to
find open source IDSes to run, I would like the different IDSes to be different
enough that they provide diversity in the network. But from what I am
finding, most of the open source is based on snort (forgive me if I am
wrong).
     So my question is whether anyone knows of other IDSes, either host based or network
based, apart from snort? I have tried some websites that have lists of IDS
research; most of them do not exist as a product anymore (if they ever
existed).

Regards,

Nattapon Chatprechakul
Depart of Information System
RMCS, Cranfield University
Shrivenham, Swindon
SN6 8LA, UK



