Bug#111462: ITP: prelude -- Prelude is a new innovative Network Intrusion Detection system designed to be very modular, evolutive, rock solid and fast.
Version: N/A; reported 2001-09-06
* Package name : prelude
Version : 0.4.2
Upstream Author : Yoann Vandoorselaere <email@example.com>
* URL : http://prelude.sourceforge.net/
* License : (GPL)
Description : Prelude is a new innovative Network Intrusion Detection
system designed to be very modular, evolutive, rock solid and fast.
Prelude is a general-purpose hybrid intrusion detection system, written
entirely from scratch, in C. Right now, it handles all of the TCP/IP
stack over Ethernet. Prelude is divided into several parts :
* Prelude, the NIDS sensor, responssible for real time packet
capture and analysis.
* The signature engine, designed to be completly generic and
evolutive, it is currently able to read Snort rulesets. By
simply adding parser, it should permit to load rulesets from
any NIDS easily.
* The protocol plugins, which can handle packet at a higher
level than prelude do, ie: you got a tcp packet, and a
Protocol plugin detect that packet data contain an rpc
header, so it will decode the rpc header, and ask to the
associated Detection plugin to analyze the decoded header.
* A set of detection plugins which job is to analyze the data
they are interested in (they register the protocol they are
interested in at initialisation time), and will eventually
emmit a security warning. Dection plugin should only be used
for complex intrusion detection that can't be done using the
* A report server, which sensors contacts in order to report an
intrusion, that generate user readable reports using plugins.
* The reporting plugins, which job is to decode the reports
issued by Detection plugin, and translate them in an user
readable form (ex: syslog report, html report, etc).
-- System Information
Debian Release: testing/unstable
Kernel: Linux tass 2.4.9 #1 mer aoû 29 19:24:43 CEST 2001 i686
Locale: LANG=fr_FR, LC_CTYPE=fr_FR