IDS mailing list archives

Re: Building a Basic IDS.


From: Neil Daswani <daswani () cs stanford edu>
Date: 5 Jun 2003 21:54:14 -0000

In-Reply-To: <1054729803.1224.25.camel@tumbak>


If you are interested in building a basic IDS, you may want to check out 
Vern Paxson's paper on Bro:

http://citeseer.nj.nec.com/313480.html
(Click on the PS or PDF links to download the paper.)

The paper discusses some of the fundamental issues and trade-offs in 
building a network-based intrusion detection system.

Sincerely,

Neil Daswani
http://www.learnsecurity.com/introccs/



Subject: Building a Basic IDS.
From: Zaid Amireh <tumbak () inbox lv>
To: focus-ids () securityfocus com
Date: 04 Jun 2003 15:30:01 +0300
Message-Id: <1054729803.1224.25.camel@tumbak>

Hello all,
Please don't flame me, I'm just a student seeking knowledge.
We are three undergraduate students, we have much interest in security
in general and NIDSs in specific, so we decided to code a simple NIDS
as our graduation project.
We read a lot about the theoretical parts, but we couldn't find any
technical documents about building an IDS from scratch. We do have a
general overview of what we are to do, but as you know, getting a second
opinion is always better :)
So if you were asked to code a simple NIDS, where would you start and
what path would you choose?
Thanks for your time.
Zaid Amireh



