Re: OT: An Idea for an IDS

To: debian-security@lists.debian.org
Subject: Re: OT: An Idea for an IDS
From: Matt Zimmerman <mdz@debian.org>
Date: Mon, 30 Jun 2003 22:39:15 -0400
Message-id: <[🔎] 20030701023915.GE1090@alcor.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <20030630223833.GA25418@zionlth.org>
References: <20030630223833.GA25418@zionlth.org>

On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote:

> A daemon sits running in the background listening to a special device
> (/dev) or an IPC which would originate from syslog-ng.  This daemon
> would then parse the log and look for suspicious things.  If it found
> something suspicious it would use regular expression to grab out
> pertinent parts of the log (say the IP address) and act on the log
> accordingly (in real time) by say dropping an IPTABLE rule down on the
> IP address.
> 
> Are there any projects out there to do this right now.  If not, is this
> a good idea?  If it is who would be a person/group that would be
> qualified and have the time/interest to develop it.

Not really a good idea.  Consider what happens when someone forges the IP
addresses.

-- 
 - mdz

Reply to:

Follow-Ups:
- Re: OT: An Idea for an IDS
  - From: Tomasz Papszun <tomek@lodz.tpsa.pl>
- Re: OT: An Idea for an IDS
  - From: Luis Gomez - InfoEmergencias <lgomez@infoemergencias.com>
- Re: OT: An Idea for an IDS
  - From: nicole <colby@wsu.edu>

Prev by Date: Re: Why is proftpd always started when one update it?
Next by Date: Re: samba woody
Previous by thread: Re: OT: An Idea for an IDS
Next by thread: Re: OT: An Idea for an IDS
Index(es):
- Date
- Thread