
OT: An Idea for an IDS



Greets all,

A previous post spawned an idea of mine.  I am not sure if there is a
project available for this or not.  Here we go:

A daemon sits running in the background listening to a special device
(/dev) or an IPC which would originate from syslog-ng.  This daemon
would then parse the log and look for suspicious things.  If it found
something suspicious it would use regular expressions to grab out
pertinent parts of the log (say the IP address) and act on the log
accordingly (in real time) by, say, dropping an iptables rule down on the
IP address.

Are there any projects out there to do this right now?  If not, is this
a good idea?  If it is, who would be a person/group that would be
qualified and have the time/interest to develop it?

Just throwing out a random conscious thought,

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #202: That's easy to fix but I can't be bothered. 
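As an added illustration of the mechanism the post sketches (this is example code written for this page, not something from the poster or from any existing project), the following Python script does the three steps in miniature: it reads syslog-style lines, applies regular expressions that capture the source IP of suspicious sshd events, and once an IP crosses a failure threshold it builds the iptables command that would block it. The log wording, the `Blocker`/`process_log` names, the threshold and the allowlist are all assumptions made for the example, and the sample log lines are constructed. By default the iptables command is only printed (a dry run); a real daemon would read from the pipe syslog-ng writes to and actually execute it.

```python
import re
import sys
from collections import defaultdict

# Patterns for suspicious events. Each one captures the offending source
# address in a named group "ip". The sshd wording is the classic OpenSSH
# syslog format and is an assumption for this example.
SUSPICIOUS = [
    re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
               r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"),
    re.compile(r"sshd\[\d+\]: Invalid user \S+ "
               r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"),
]

# Constructed sample log (not a real capture). One host hammers sshd three
# times, one legitimate login succeeds, and one host fails only once.
SAMPLE_LOG = """\
Mar 12 04:11:02 host sshd[1234]: Failed password for root from 203.0.113.7 port 4411 ssh2
Mar 12 04:11:04 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 4412 ssh2
Mar 12 04:11:05 host sshd[1235]: Accepted publickey for alice from 192.0.2.10 port 5000 ssh2
Mar 12 04:11:06 host sshd[1236]: Invalid user oracle from 203.0.113.7
Mar 12 04:11:08 host sshd[1237]: Failed password for bob from 198.51.100.5 port 6000 ssh2
"""


def extract_ip(line):
    """Return the source IP if the line matches a suspicious pattern, else None.

    The IP is taken only from the strictly-shaped dotted-quad after "from",
    never from the user name, because the user name in these messages is
    attacker-controlled text and must not be trusted as an address.
    """
    for pat in SUSPICIOUS:
        m = pat.search(line)
        if m:
            return m.group("ip")
    return None


class Blocker:
    """Count suspicious events per IP and block once a threshold is reached."""

    def __init__(self, threshold=3, run=None, allowlist=()):
        self.threshold = threshold
        self.counts = defaultdict(int)
        self.blocked = set()
        # Addresses that must never be blocked (e.g. the admin's own host),
        # so a spoofed or mistyped login cannot lock the operator out.
        self.allowlist = set(allowlist)
        # `run` receives the iptables argv; the default only prints it.
        self.run = run if run is not None else self._dry_run

    @staticmethod
    def _dry_run(argv):
        print("would run:", " ".join(argv))

    def feed(self, line):
        """Process one log line; return the IP if this line triggered a block."""
        ip = extract_ip(line)
        if ip is None or ip in self.blocked or ip in self.allowlist:
            return None
        self.counts[ip] += 1
        if self.counts[ip] >= self.threshold:
            # Insert at the top of INPUT so the rule wins over earlier ACCEPTs.
            self.run(["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"])
            self.blocked.add(ip)
            return ip
        return None


def process_log(text, threshold=3, allowlist=()):
    """Feed every line of `text` through a Blocker; return the argv lists issued."""
    issued = []
    blocker = Blocker(threshold=threshold, run=issued.append, allowlist=allowlist)
    for line in text.splitlines():
        blocker.feed(line)
    return issued


if __name__ == "__main__":
    # Stand-alone: read lines from stdin if piped, otherwise use the sample.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG.splitlines()
    blocker = Blocker()
    for line in source:
        blocker.feed(line)
```

Two things a practitioner would want beyond this toy: the block list needs an expiry (otherwise the DROP rules accumulate forever), and the threshold and allowlist matter because anything that triggers on log content can be turned into a denial of service by someone who can make failed logins appear from an address of their choosing.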