[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IDS for a non-well-known protocol?
--On April 10, 2006 10:39:18 AM +0200 Lezgin Bakircioglu <lerra82@gmail.com> wrote: 
Greetings to everybody in the security scene.
I have a question around the area IDS.
I am in a difficult situation, i need a IDS that shall support a
non-well-known protocol, is there any tip on any good IDS that is easy to
dev a understanding for this protocol?

I'm not sure what you're asking entirely but if I read your question right 
I think you want an IDS at all, you just want a packet sniffer, like 
ethereal/tethereal or even tcpdump so you can develop an understanding of 
whats going over the wire with the protocol you're looking at?  If you aim 
to create signatures/etc to trigger alarms or log entries then IDS *might* 
sort of be what you're looking for.

If it really is IDS (Intrusion Detection System) you're looking for it 
depends on what type/level of IDS.  A popular approach is to use a packet 
sniffing based IDS such as Snort, another approach is to setup honeypots 
using say honeyd/honeynet.

SNORT's site has lots of good guides on how to set it up.


Any good docs/howto or guides?
I have look t little in to snort and my thoughts is to using that, a
little complicated doc in this area but should be possible..
Any good community's tip?


--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org






--
Michael Loftis
Modwest Operations Manager
Powerful, Affordable Web Hosting









Reply to: