mailing list archives
Re: Intrusion Detection Systems
From: Mark Boolootian <booloo () cats ucsc edu>
Date: Mon, 14 Jul 1997 14:22:27 -0700 (PDT)
I need some tools to monitor an ip network for intrusion detection.
Can someone help me with this ?
I tried before some public domain tools like argus but i need to know is
someone has successfully constrcuted a good & complete intrusion detection
solution (i.e monitoring, logging, real-time alarms, proactive monitoring,
Dan Esbensen and the folks at TTI have built what I consider to be
a very good intrusion detection system. It is capable of monitoring and
logging sessions, real-time and delayed playback of sessions, alarms with
various associated actions, etc. You can filter for specific textual
patterns in a flow or filter based on IP address or TCP port.
They've put the documentation online at
The sell it as a bundled system. It runs under VMS on an Alpha which they
size based on the number of concurrent sessions you wish to monitor (I'm
not a fan of VMS, but the system is turn-key so you don't have to mess
with VMS unless you want to mung the log files generated by the system).
UC Santa Cruz