Re: OT: An Idea for an IDS

To: debian-security@lists.debian.org
Subject: Re: OT: An Idea for an IDS
From: Thomas Bechtold <CharlieBlue@gmx.de>
Date: Tue, 1 Jul 2003 18:30:35 +0200
Message-id: <[🔎] 200307011830.35646.CharlieBlue@gmx.de>
In-reply-to: <20030630223833.GA25418@zionlth.org>
References: <20030630223833.GA25418@zionlth.org>

Look snort 2.0.0 [1]
It's an Intrusion Detection System. Theres an Preprozessor for Snort called 
'Guardian'[2] to do things like you want. But read the other answers in this 
thread carefully!

Thomas Bechtold

[1] http://snort.org
[2] http://www.chaotic.org/guardian/


On Tuesday 01 July 2003 00:38, Phillip Hofmeister wrote:
> Greets all,
>
> A previous post spawned an idea of mine.  I am not sure if there is a
> project available for this or not.  Here we go:
>
> A daemon sits running in the background listening to a special device
> (/dev) or an IPC which would originate from syslog-ng.  This daemon
> would then parse the log and look for suspicious things.  If it found
> something suspicious it would use regular expression to grab out
> pertinent parts of the log (say the IP address) and act on the log
> accordingly (in real time) by say dropping an IPTABLE rule down on the
> IP address.
>
> Are there any projects out there to do this right now.  If not, is this
> a good idea?  If it is who would be a person/group that would be
> qualified and have the time/interest to develop it.
>
> Just throwing out a random conscious thought,
>
> --
> Phillip Hofmeister
>
> PGP/GPG Key:
> http://www.zionlth.org/~plhofmei/
> wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
> --
> Excuse #202: That's easy to fix but I can't be bothered.

Reply to:

Prev by Date: Re: OT: An Idea for an IDS
Next by Date: Re: OT: An Idea for an IDS
Previous by thread: Re: OT: An Idea for an IDS
Next by thread: Re: OT: An Idea for an IDS
Index(es):
- Date
- Thread