Re: Network Behaviour Anomoly Detection

[Jon Baer <security () jonbaer net>]

There are a few add-ons listed here:

http://www.jpsdomain.org/infosec/snort.html

SPADE would be one example ...

- Jon

crayola () optonline net wrote:

> Is anyone aware of any opensource Network Behaviour Anomoly Detection programs or projects out there? Something that is tracking what traffic is going where, how much, how often, from where, to where, using what ports... etc. Letting you figure out what is normal.. then alerting when normal gets to far out of wack. 
>
> If not.. anyone want to start one with me? 
>
> It would seem to be an excellent partner to a Signature based IDS like Snort for gaining real insight into what is 
> flowing over the network.
>
> Thanks, 
> Mike
>
>
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
> digital self defense, top technical experts, no vendor pitches, 
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>  



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users