fusion of results from heterogeneous sensors

["Raj Malhotra" <ral.mal () gmail com>]

Hi All

I am trying to set up a test network comprising of heterogeneous
intrusion detectors. The idea is to use the diverse capabilities of
these detectors to arrive at a decision as to whether an intrusion
took place or not.  I intend to use a signature based ids (snort in
this case), an anomaly based network ids ( i don't know what to use
here), something which is very efficient in detecting scans (port
scans, OS fingerprint attempts) etc.

I would be thankful if folks can suggest freeware which can be used
for the above mentioned purpose

thanks in advance

ral

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------