Re: IDS for a non-well-known protocol?
--On April 10, 2006 10:39:18 AM +0200 Lezgin Bakircioglu
<lerra82@gmail.com> wrote:
Greetings to everybody in the security scene.
I have a question around the area IDS.
I am in a difficult situation, i need a IDS that shall support a
non-well-known protocol, is there any tip on any good IDS that is easy to
dev a understanding for this protocol?
I'm not sure what you're asking entirely but if I read your question right
I think you want an IDS at all, you just want a packet sniffer, like
ethereal/tethereal or even tcpdump so you can develop an understanding of
whats going over the wire with the protocol you're looking at? If you aim
to create signatures/etc to trigger alarms or log entries then IDS *might*
sort of be what you're looking for.
If it really is IDS (Intrusion Detection System) you're looking for it
depends on what type/level of IDS. A popular approach is to use a packet
sniffing based IDS such as Snort, another approach is to setup honeypots
using say honeyd/honeynet.
SNORT's site has lots of good guides on how to set it up.
Any good docs/howto or guides?
I have look t little in to snort and my thoughts is to using that, a
little complicated doc in this area but should be possible..
Any good community's tip?
--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
--
Michael Loftis
Modwest Operations Manager
Powerful, Affordable Web Hosting
Reply to: