IDS mailing list archives

Re: Linux/*nix open source IDS


From: Giovanni Vigna <vigna () cs ucsb edu>
Date: Tue, 12 Aug 2003 18:42:04 -0700 (PDT)

You may want to check out USTAT/linSTAT/WinSTAT
at http://www.cs.ucsb.edu/~rsg/STAT

Let me know if you have questions

G

On 12 Aug 2003 clmail2000 () yahoo com wrote:

Hello,

I am interested in implementing an open source IDS for a Linux/*nix 
system and have been looking into various different ones and the 
sort of critiques they have received. Some of the products I am 
considering are Tripwire, AIDE, Samhain, Integrit, and Osiris. 
Because I had not been able to find very much commentary about 
such packages (except for Tripwire), I would like to ask what 
sort of experiences anyone has had with them and how they compare 
with one another. Alternatively, if you can point me to where I can 
find such information, that would also be much appreciated.

Since the choice of an IDS depends on the system it is used to 
monitor, I should say I am presently just looking for something 
to protect my stand-alone Linux box, but I would like to learn 
what works for larger systems running any sort of *nix.

Thanks in advance,
Charles



-- 
Giovanni Vigna                           
University of California Santa Barbara - Dept. of Computer Science
http://www.cs.ucsb.edu/~vigna 



