IDS: Re: IDS Query?

From: Krzysztof Zaraska <kzaraska_at_student.uci.agh.edu.pl>
Date: Thu, 2 Oct 2003 20:42:03 +0200 (CEST)

On Tue, 30 Sep 2003, Gaurav wrote:

> Hi all,
>
> Can anyone please let me know that if I want to deploy an IDS based on
> (Network Based which detects on packet basis), which IDS is better,
> freely available.

Snort -> http://www.snort.org/
Prelude -> http://www.prelude-ids.org/
Firestorm NIDS -> http://www.scaramanga.co.uk/firestorm/

> Also, if I want to develop a small Distributed IDS as a study project
> what features or architecture I should follow?

[Advocating my product] Prelude has been doing this for quite some time,
so you could have a look. There is also plenty of architectural
documentation available, e.g.
http://www.prelude-ids.org/article.php3?id_article=48

Snortnet attempted to do that with Snort:
http://snortnet.scorpions.net/

AirCERT also seems to fit here:
http://aircert.sourceforge.net/

Best regards,
Krzysztof

// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// http://mops.uci.agh.edu.pl/~kzaraska/ * http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
// -- Stanislaw Lem

Received on Oct 06 2003
