IDS mailing list archives
Re: Building a Basic IDS.
From: Neil Daswani <daswani () cs stanford edu>
Date: 5 Jun 2003 21:54:14 -0000
In-Reply-To: <1054729803.1224.25.camel@tumbak>

If you are interested in building a basic IDS, you may want to check out Vern Paxson's paper on Bro:

http://citeseer.nj.nec.com/313480.html

(Click on the PS or PDF links to download the paper.)

The paper discusses some of the fundamental issues and trade-offs in building a network-based intrusion detection system.

Sincerely,
Neil Daswani
http://www.learnsecurity.com/introccs/

Subject: Building a Basic IDS.
From: Zaid Amireh <tumbak () inbox lv>
To: focus-ids () securityfocus com
Date: 04 Jun 2003 15:30:01 +0300
Message-Id: <1054729803.1224.25.camel@tumbak>

Hello all,

Please don't flame me, I'm just a student seeking knowledge.

We are three undergraduate students, we have much interest in security in general and NIDS's in specific, so we decided to code a simple NIDS as our graduation project.

We read a lot about the theoretical parts, but we couldn't find any technical documents about building an IDS from scratch. We do have a general overview of what we are to do, but as you know, getting a second opinion is always better :)

So if you were asked to code a simple NIDS, where would you start and what path would you choose?

Thanks for your time.

Zaid Amireh
Current thread:
- Building a Basic IDS. Zaid Amireh (Jun 04)
- Re: Building a Basic IDS. Sébastien Tricaud (Jun 04)
- <Possible follow-ups>
- Re: Building a Basic IDS. Neil Daswani (Jun 05)