IDS mailing list archives
Re: Building a Basic IDS.
From: Sébastien Tricaud <toady () gscore org>
Date: Wed, 4 Jun 2003 21:45:54 +0200
On 04 Jun 2003 15:30:01 +0300 Zaid Amireh <tumbak () inbox lv> wrote:
Hello all, please don't flame me, I'm just a student seeking knowledge. We are three undergraduate students with much interest in security in general and NIDSs in particular, so we decided to code a simple NIDS as our graduation project. We read a lot about the theoretical parts, but we couldn't find any technical documents about building an IDS from scratch. We do have a general overview of what we are to do, but as you know, getting a second opinion is always better :) So if you were asked to code a simple NIDS, where would you start and what path would you choose? Thanks for your time.
The best way is to use libpcap to catch packets. You can get tutorials on how to use it on the tcpdump webpage (http://www.tcpdump.org/). The sniffer tcpdump uses it; you can also look closer at its sources. If it's just for a graduation project, you'll not need to fight very much to have something funny.
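Added example, not code from this thread or from the libpcap/tcpdump projects: the per-packet decode-and-match step that a libpcap-based NIDS runs inside its capture callback. libpcap is not linked here; a constructed Ethernet/IPv4/TCP frame (made-up MACs, 10.0.0.x addresses, zero checksums) stands in for what `pcap_loop` would hand to the callback, so the file compiles and runs offline. The names `inspect_frame`, `build_sample_frame` and `sample_rules` are mine, not anything from tcpdump or libpcap.

```c
/* Minimal NIDS inspection step. With libpcap the surrounding wiring would be:
 *   pcap_t *h = pcap_open_live("eth0", 65535, 1, 1000, errbuf);
 *   pcap_loop(h, -1, on_packet, NULL);
 * where on_packet(u_char *, const struct pcap_pkthdr *, const u_char *)
 * calls inspect_frame() on each captured frame. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One content signature: alert when a TCP segment to `dport` carries `pattern`. */
struct rule { uint16_t dport; const char *pattern; const char *msg; };

/* Constructed sample rule table (two classic, well-known signatures). */
const struct rule sample_rules[] = {
    { 80, "/../",        "HTTP directory traversal attempt" },
    { 21, "SITE EXEC ",  "FTP SITE EXEC command" },
};
const size_t sample_rule_count = sizeof sample_rules / sizeof sample_rules[0];

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Substring search over a payload that is NOT NUL-terminated. */
static int payload_contains(const uint8_t *data, size_t len, const char *pat) {
    size_t plen = strlen(pat);
    if (plen == 0 || plen > len) return 0;
    for (size_t i = 0; i + plen <= len; i++)
        if (memcmp(data + i, pat, plen) == 0) return 1;
    return 0;
}

/* Decode Ethernet/IPv4/TCP, then test the payload against the rules.
 * Returns the index of the first matching rule, -1 for no match, and -2 when
 * the frame is not IPv4/TCP or its length fields disagree with what was
 * captured (every header length is checked before it is trusted). */
int inspect_frame(const uint8_t *pkt, size_t len, const struct rule *rules, size_t nrules) {
    const size_t eth = 14;
    if (len < eth + 20 || rd16(pkt + 12) != 0x0800) return -2;   /* short or not IPv4 */
    const uint8_t *ip = pkt + eth;
    if ((ip[0] >> 4) != 4) return -2;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t iplen = rd16(ip + 2);
    if (ihl < 20 || iplen < ihl || eth + iplen > len) return -2;  /* truncated / lying lengths */
    if (ip[9] != 6) return -2;                                    /* not TCP */
    const uint8_t *tcp = ip + ihl;
    size_t tcp_avail = iplen - ihl;
    if (tcp_avail < 20) return -2;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || doff > tcp_avail) return -2;
    uint16_t dport = rd16(tcp + 2);
    const uint8_t *payload = tcp + doff;
    size_t plen = tcp_avail - doff;
    for (size_t i = 0; i < nrules; i++)
        if (rules[i].dport == dport && payload_contains(payload, plen, rules[i].pattern))
            return (int)i;
    return -1;
}

/* Build a constructed frame carrying `payload` to TCP port `dport`. Addresses
 * are made up and checksums stay zero (not verified above). Returns the frame
 * length, or 0 if it does not fit in `buf`. */
size_t build_sample_frame(uint8_t *buf, size_t cap, uint16_t dport, const char *payload) {
    size_t plen = strlen(payload), iplen = 20 + 20 + plen, total = 14 + iplen;
    if (total > cap || iplen > 0xffff) return 0;
    memset(buf, 0, total);
    static const uint8_t dst[6] = {0x02,0,0,0,0,0x02}, src[6] = {0x02,0,0,0,0,0x01};
    memcpy(buf, dst, 6); memcpy(buf + 6, src, 6);
    buf[12] = 0x08; buf[13] = 0x00;                       /* EtherType IPv4 */
    uint8_t *ip = buf + 14;
    ip[0] = 0x45;                                         /* v4, IHL 5 */
    ip[2] = (uint8_t)(iplen >> 8); ip[3] = (uint8_t)(iplen & 0xff);
    ip[6] = 0x40; ip[8] = 64; ip[9] = 6;                  /* DF, TTL, proto TCP */
    ip[12] = 10; ip[15] = 1;                              /* 10.0.0.1 -> */
    ip[16] = 10; ip[19] = 2;                              /* 10.0.0.2 */
    uint8_t *tcp = ip + 20;
    tcp[0] = 0x9c; tcp[1] = 0x40;                         /* sport 40000 */
    tcp[2] = (uint8_t)(dport >> 8); tcp[3] = (uint8_t)(dport & 0xff);
    tcp[12] = 0x50; tcp[13] = 0x18; tcp[14] = 0xff; tcp[15] = 0xff;  /* doff 5, PSH|ACK, window */
    memcpy(tcp + 20, payload, plen);
    return total;
}

int main(void) {
    const char *samples[] = { "GET /index.html HTTP/1.0\r\n\r\n",
                              "GET /../../etc/passwd HTTP/1.0\r\n\r\n" };
    uint8_t frame[256];
    for (size_t i = 0; i < 2; i++) {
        size_t n = build_sample_frame(frame, sizeof frame, 80, samples[i]);
        int r = inspect_frame(frame, n, sample_rules, sample_rule_count);
        printf("frame %zu: %s\n", i, r >= 0 ? sample_rules[r].msg : (r == -1 ? "clean" : "undecodable"));
    }
    return 0;
}
```

The value of a tiny example like this is the length checks: a real capture callback sees whatever the wire delivers, so the IHL, total-length and data-offset fields must be validated against the captured length before the payload pointer is computed, otherwise the IDS itself reads past the buffer. Stateless substring matching is also where you would start adding TCP reassembly, since a pattern split across two segments will not be seen this way.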
Current thread:
- Building a Basic IDS. Zaid Amireh (Jun 04)
- Re: Building a Basic IDS. Sébastien Tricaud (Jun 04)
- <Possible follow-ups>
- Re: Building a Basic IDS. Neil Daswani (Jun 05)