
Bug#111462: ITP: prelude -- Prelude is a new innovative Network Intrusion Detection system designed to be very modular, evolutive, rock solid and fast.



Package: wnpp
Version: N/A; reported 2001-09-06
Severity: wishlist

* Package name    : prelude
  Version         : 0.4.2
  Upstream Author : Yoann Vandoorselaere <yoann@mandrakesoft.com>
* URL             : http://prelude.sourceforge.net/
* License         : (GPL)
  Description : Prelude is a new innovative Network Intrusion Detection
  system designed to be very modular, evolutive, rock solid and fast.
  
 Prelude is a general-purpose hybrid intrusion detection system, written
 entirely from scratch, in C. Right now, it handles all of the TCP/IP
 stack over Ethernet. Prelude is divided into several parts:

    * Prelude, the NIDS sensor, responsible for real time packet
      capture and analysis.

          * The signature engine, designed to be completely generic and
            evolutive; it is currently able to read Snort rulesets. By
            simply adding a parser, it should be possible to load
            rulesets from any NIDS easily.

          * The protocol plugins, which can handle packets at a higher
            level than Prelude does, i.e.: you get a TCP packet, and a
            Protocol plugin detects that the packet data contains an RPC
            header, so it will decode the RPC header, and ask the
            associated Detection plugin to analyze the decoded header.

          * A set of detection plugins whose job is to analyze the data
            they are interested in (they register the protocol they are
            interested in at initialisation time), and will eventually
            emit a security warning. Detection plugins should only be
            used for complex intrusion detection that can't be done using
            the signature engine.

    * A report server, which sensors contact in order to report an
      intrusion, and which generates user-readable reports using plugins.

          * The reporting plugins, whose job is to decode the reports
            issued by Detection plugins, and translate them into a
            user-readable form (e.g.: syslog report, HTML report, etc.).

-- System Information
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux tass 2.4.9 #1 mer aoû 29 19:24:43 CEST 2001 i686
Locale: LANG=fr_FR, LC_CTYPE=fr_FR



