IDS mailing list archives
Re: IDS Creation
From: Rainer Duffner <rainer () ultra-secure de>
Date: Mon, 29 Mar 2004 21:43:38 +0200
spam2fred wrote:
Hello there guys... I wonder if someone could help me or redirect me to someplace where I could find help... I'm supposed to "create" or "assemble" a very simple IDS or NIDS, but all the information I can find on the net is still too complex or even written for those who already have a lot of knowledge about this subject. Maybe any of you could tell me where to find "beginner" material about IDS. Thanks a lot
I guess the situation is that you are supposed to have a good understanding of how TCP/IP works. Then, an IDS doesn't look very complicated to you, unless you want to understand it on the source-code level, which is not necessary today anymore.
Have you ever watched the recording of a simple TCP/IP session (like fetching http://www.google.com or even better http://ip.on.your.lan) in ethereal ?
Did you understand what you could see ?
Have you ever watched the recording of a "not so simple" TCP/IP session (like the download of a small file over active FTP, with different clients)?
Did you understand what you could see ?
If you can't answer these questions with yes, then you are probably right: IDSs are way above your knowledge - but that's not the fault of the IDS-documentation then.
IDS is all about TCP/IP flags, fragmentation, segmentation and reassembly of packets and bits - and that's only at the lowest level.
Give yourself time, comb the net for advanced TCP/IP tutorials (beyond "right-click on MyNetworks...") and buy a good IDS-book or two for some historical context. And read "Practical Unix & Internet Security 3rd ed." before that.
Rainer
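An added illustration, not part of Rainer's message or the list archive: the header fields the reply names (TCP flags and IP fragmentation) decoded from raw IPv4 bytes, with the kind of sanity checks a simple NIDS applies to them. The function names and the sample packets are hypothetical and constructed for this example.

```python
import struct

# TCP flag bits as laid out in byte 13 of the TCP header (RFC 793).
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def inspect_ipv4_tcp(pkt: bytes) -> dict:
    """Decode the IPv4 fragmentation fields and TCP flags of one raw packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_field = struct.unpack("!H", pkt[6:8])[0]
    more_fragments = bool(frag_field & 0x2000)     # MF bit
    frag_offset = (frag_field & 0x1FFF) * 8        # offset is stored in 8-byte units
    info = {"fragment": more_fragments or frag_offset > 0,
            "frag_offset": frag_offset, "flags": [], "alerts": []}
    if pkt[9] != 6 or frag_offset > 0:
        return info                                # not TCP, or a later fragment with no TCP header
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        info["alerts"].append("TCP header truncated")
        return info
    bits = tcp[13] & 0x3F
    info["flags"] = [name for bit, name in TCP_FLAGS.items() if bits & bit]
    if bits == 0:
        info["alerts"].append("no TCP flags set")
    if bits & 0x02 and bits & 0x01:
        info["alerts"].append("SYN and FIN set together")
    if bits & 0x02 and bits & 0x04:
        info["alerts"].append("SYN and RST set together")
    return info

def build_packet(tcp_flags: int, frag_field: int = 0) -> bytes:
    """Constructed sample packet (documentation addresses, checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, frag_field, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, tcp_flags, 1024, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    samples = {"plain SYN": build_packet(0x02), "SYN+FIN": build_packet(0x03),
               "no flags": build_packet(0x00), "later fragment": build_packet(0x10, 0x0005)}
    for label, pkt in samples.items():
        print(label, inspect_ipv4_tcp(pkt))
```

The later-fragment case returns no flags because only the first fragment carries the TCP header, which is why an IDS has to reassemble before it can inspect.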