nanog mailing list archives

Re: IDS Software
From: "Bill Larson" <blarson () compu net>
Date: Fri, 7 Sep 2001 21:24:55 -0500

Simple question simple answer :) http://www.snort.org/

Snort - The Open Source Network Intrusion Detection System 

----- Original Message ----- 
From: "Leo Bicknell" <bicknell () ufp org>
To: <nanog () merit edu>
Sent: Friday, September 07, 2001 9:26 PM
Subject: IDS Software

I'm starting a project for which I would like some quality IDS
software.  IMHO this opens up a whole can of worms, and will probably
start a great discussion, but that's probably good on the whole.

First, the requirements.  The IDS system must be:

* Free

* Run on FreeBSD, and/or maybe Linux.

* Allow both 'router' detection (where the host acts as a router)
  and 'passive' (where the host is simply a sniffer on a LAN).

* Have a reasonable configuration system to allow common false-positives
  to be suppressed.

At this point I know almost nothing about IDS systems, other than
that several companies make such products and charge huge fees for
them, and that there are a number of open-source products that have
no confirmed reputations.

Replies to the list are ok, as are private replies.  Assuming I get
something good I will summarize private replies to the list.

Leo Bicknell - bicknell () ufp org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request () tmbg org, www.tmbg.org
