nanog mailing list archives

Re: Intrusion Detection Systems
From: Mark Boolootian <booloo () cats ucsc edu>
Date: Mon, 14 Jul 1997 14:22:27 -0700 (PDT)


I need some tools to monitor an ip network for intrusion detection.
Can someone help me with this ?
I tried before some public domain tools like argus but I need to know if
someone has successfully constructed a good & complete intrusion detection
solution (i.e. monitoring, logging, real-time alarms, proactive monitoring,

Dan Esbensen and the folks at TTI have built what I consider to be
a very good intrusion detection system.  It is capable of monitoring and
logging sessions, real-time and delayed playback of sessions, alarms with
various associated actions, etc.  You can filter for specific textual
patterns in a flow or filter based on IP address or TCP port.

They've put the documentation online at 

They sell it as a bundled system.  It runs under VMS on an Alpha which they 
size based on the number of concurrent sessions you wish to monitor (I'm
not a fan of VMS, but the system is turn-key so you don't have to mess
with VMS unless you want to mung the log files generated by the system).

Mark Boolootian
UC Santa Cruz
