Snort mailing list archives

Re: OpenSource Alternative to SourceFire's RNA


From: "AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>
Date: Wed, 31 Mar 2004 09:14:44 +0100



--On 30 March 2004 09:25 -0600 Josh Berry <josh.berry () netschematics com> wrote:

> Is anyone working on OpenSource Alternatives to SourceFire's RNA product?
> I was thinking about using p0f to dump OS information into a file and then
> export it to a database but I really would like to gather service level
> information and eventually passively identify vulnerabilities.  The only
> ways that I can think of getting any of this kind of information passively
> is with NTOP or developing signatures for Snort alerting on specific
> services (Seeing Apache 1.3.29 in an HTTP string), sending that data to a
> file and then exporting it with another program only updating new entries.
>
> At any level it would be a massive undertaking, anyone interested?

OS-Sim <http://www.ossim.net> looks like the way to go; it correlates the results of previous Nessus scans with Snort alerts, and bumps the priority of alerts appropriately.

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
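
The scan-to-alert correlation described in the reply above, sketched as an added example (it is not part of the original message and is not OSSIM's code). The data layout, the `REF-A`/`REF-B` reference labels, the 30-day freshness window and the one-step demotion are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta

MAX_SCAN_AGE = timedelta(days=30)  # assumption: a clean result older than this is not trusted
LOWEST_PRIORITY = 4                # Snort convention: 1 is most severe, larger is less severe


@dataclass(frozen=True)
class Alert:
    sid: int
    dst: str
    dport: int
    refs: frozenset   # vulnerability references attached to the rule that fired
    priority: int


# Constructed scan results: host -> (scan time, {port: references the scanner reported}).
SCANS = {
    "192.0.2.10": (datetime(2004, 3, 25), {80: {"REF-A"}}),
    "192.0.2.20": (datetime(2004, 1, 2), {80: set()}),
}


def correlate(alert, scans, now):
    """Return the alert with its priority adjusted by earlier scan results."""
    entry = scans.get(alert.dst)
    if entry is None:
        return alert                        # host never scanned: no evidence either way
    scanned_at, ports = entry
    found = ports.get(alert.dport)
    if found is None:
        return alert                        # the scan did not cover this port
    if alert.refs & found:
        return replace(alert, priority=1)   # target was reported vulnerable: escalate
    if now - scanned_at <= MAX_SCAN_AGE:
        # A recent scan covered the service and did not report the flaw:
        # demote one step, but never drop the alert.
        return replace(alert, priority=min(alert.priority + 1, LOWEST_PRIORITY))
    return alert                            # stale clean result: leave the alert as it is


def triage(alerts, scans, now):
    """Correlate every alert, then order the queue with the most severe first."""
    adjusted = (correlate(a, scans, now) for a in alerts)
    return sorted(adjusted, key=lambda a: (a.priority, a.sid))
```

A matching finding escalates regardless of scan age, while a clean result only demotes when the scan is recent, so stale scan data can never hide an alert.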



