Re: new intrusion detection system

[Mark Teicher <mht3 () earthlink net>]

Can you provide the URL link to the IETF standard on IDS Logging.

/thx

At 02:51 PM 10/21/2004, Matt Bing wrote:
> Herve Debar said:
> > the IETF effort is the IDMEF/IDXP work. It is still alive :-)
>
> The standard has taken so long to produce, the industry has already shifted
> focus to IPS and flow-analysis that exceed the initial design considerations
> of IDMEF. On top of that, an entirely new field of log aggregators partnering
> with IDS vendors have already superceded the need for a standard IDS logging
> format.
>
> It's certainly a hard problem (look how far IDMEF came from CIDF) and it
> makes a lot of important points, but it seems to be the answer to a question
> nobody asked.
>
> full-disclosure: I am *not* a vendor :)
>
> --matt
>
> --------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from 
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
> to learn more.
> --------------------------------------------------------------------------


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------