Intrusion Detection Systems mailing list archives

RE: RE: Ramping up for another review


From: Dan Schnackenberg <dan () baker ds boeing com>
Date: Fri, 28 Jul 2000 10:51:21 -0700

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
-----------------------------------------------------------------------------
Klaus, Chris wrote:
There are at least 2 IDS standards groups:  IETF has IDWG (intrusion
detection working group) that is starting to lay the groundwork for IDS in
the industry and CIDF (common intrusion detection framework).  I do not
believe either of them has tackled a standard for common IDS response
protocol.

CIDF actually does have some response capabilities in the language.
Responses are requested through the "Do" verb.  So one can say things
like "Do Block" or "Do Trace", followed by a specification of what
to block or trace.  One could easily envision adding more terms for
more exotic requested actions (e.g., "Do Make Coffee" or "Do Order Mega War
Heads";).  We have been using CIDF as our response language on our DARPA
research project, and it works reasonably well.

Dan
-- 
Dan Schnackenberg
Boeing Phantom Works
dan () baker ds boeing com
(253)773-8231

