Home page logo
/

nanog logo nanog mailing list archives

Re: Intrusion Detection Systems
From: Mark Boolootian <booloo () cats ucsc edu>
Date: Mon, 14 Jul 1997 14:22:27 -0700 (PDT)


Hamdi,

I need some tools to monitor an ip network for intrusion detection.
Can someone help me with this ?
I tried before some public domain tools like argus but i need to know is
someone has successfully constrcuted a good & complete intrusion detection
solution (i.e monitoring, logging, real-time alarms, proactive monitoring,
..)

Dan Esbensen and the folks at TTI have built what I consider to be
a very good intrusion detection system.  It is capable of monitoring and
logging sessions, real-time and delayed playback of sessions, alarms with
various associated actions, etc.  You can filter for specific textual
patterns in a flow or filter based on IP address or TCP port.

They've put the documentation online at 
  http://www.ttinet.com/doc/insa_v15_contents.html

The sell it as a bundled system.  It runs under VMS on an Alpha which they 
size based on the number of concurrent sessions you wish to monitor (I'm
not a fan of VMS, but the system is turn-key so you don't have to mess
with VMS unless you want to mung the log files generated by the system).

regards,
mb
--
Mark Boolootian
UC Santa Cruz


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]