IDS mailing list archives

couple IDS development questions


From: whilter () o2 pl
Date: 16 Oct 2007 12:13:56 -0000

Hi

Recently I've been working on a new IDS project.
As a matter of fact, at the moment I'm stuck at a point where I'm supposed to decide a few very important things:

1) Which language? C/C++ with its already implemented projects (Snort, ModSecurity), Java with its multiplatform option?

2) Should I just take a project and try to build a new one on top of it? Snort, for example? Has anybody done that before? Any suggestions?

3) How does a network IDS analyze network activity when almost every package nowadays is encrypted?

4) I'm thinking about encrypting IDS messages/alerts-packages as well. What cipher should I use?

I don't want to "go in a wrong direction" from the start, so please help ;]
