Re: OT: An Idea for an IDS
Volker Tanger said:
> ...which is the official license to shoot yourself into the foot. What
> happens if I send you a forged, suspicious packet with source-IP equal
> to the IP address of your gateway router, your DNS server, your internal
> system(s), ...
>
I think that if you implement some good whitelists, the problem does not
exist.
There's a plugin (or something like this) in Snort that works in a similar
way.
I don't know if someone is interested, but I started a new project of a mdids
on Sourceforge. I post the project proposal to Sourceforge:
Project Descriptive Name: Astu mdids
Project UNIX Name: astu
Project Description: Multiplatform distributed intrusion detection system
Registration Description: The project should be a distributed intrusion
detection system. It should be composed of a central server which
communicates securely with satellites on the perimeter of the LAN.
The central server should admin all the sensors (changing dynamically firewall
rules) and receive all the alerts, and manage them by filtering and sending
them by mail, sms, or print. The server itself is managed by a web interface.
The perimeter sensors should be firstly based on Snort engine, but the goal
of the project is to provide a fully centralized system which can operate
with various OSs and technologies (firewalls, etc.). It should be interesting
to develop Windows sensors, which few IDSs implement, but important in a
real multiplatform LAN.
License: GNU General Public License (GPL)
The project has been approved, and I have found lots of people interested in
it. We're going to start it in the next few weeks... If you're interested please
reply to me.
I'm a Debian user, so it would be nice to develop it for deb.
Bye
PS: please forgive me if I am too OT
--
Lucius in fabula
--www.lucius.it--
Open PGPKey: www.lucius.it/lucius.asc
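The whitelist idea from this exchange, as an added example that is not part of the original message or of the Astu project: an active-response step refuses to auto-block sources on a never-block list (the gateway, DNS server and internal systems named in the quoted objection) and hands those alerts to a person instead. All addresses, function names and the per-window block cap are assumptions made for illustration.

```python
import ipaddress

# Constructed addresses (documentation and private ranges), not from the post.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "192.0.2.1/32",    # gateway router
    "192.0.2.53/32",   # DNS server
    "10.0.0.0/8",      # internal systems
)]
MAX_BLOCKS = 3         # assumed cap on automatic rule changes per time window

# Constructed alerts as (source_ip, signature); the first is a forged "gateway".
SAMPLE_ALERTS = [
    ("192.0.2.1", "portscan"),
    ("198.51.100.7", "portscan"),
    ("192.0.2.53", "shellcode"),
    ("10.1.2.3", "portscan"),
    ("198.51.100.7", "shellcode"),
    ("203.0.113.9", "portscan"),
    ("not-an-ip", "portscan"),
]


def decide(alerts, never_block=NEVER_BLOCK, max_blocks=MAX_BLOCKS):
    """Split one window of alerts into (to_block, escalate).

    to_block: source addresses eligible for an automatic firewall rule.
    escalate: (source, signature, reason) tuples left for a human.
    """
    to_block, escalate = [], []
    for src, sig in alerts:
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            escalate.append((src, sig, "unparseable source"))
            continue
        if any(addr in net for net in never_block):
            # The source address is unauthenticated: never cut off our own
            # infrastructure on the strength of it.
            escalate.append((src, sig, "whitelisted source, possible spoof"))
        elif str(addr) in to_block:
            continue  # already queued in this window
        elif len(to_block) >= max_blocks:
            escalate.append((src, sig, "block budget exhausted"))
        else:
            to_block.append(str(addr))
    return to_block, escalate


if __name__ == "__main__":
    print(decide(SAMPLE_ALERTS))
```

The cap limits how many rules forged packets from arbitrary non-whitelisted addresses can trigger in one window, a case the never-block list alone does not cover.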