Bug#111462: ITP: prelude -- Hybrid Intrusion Detection System
retitle 111462 ITP: prelude -- Hybrid Intrusion Detection System
thanks
Followup-For: Bug #111462
Package: wnpp
Version: N/A; reported 2002-01-29
Severity: wishlist
* Package name : prelude
Version : 0.4.2
Upstream Author : Yoann Vandoorselaere <yoann@mandrakesoft.com>
* URL : http://www.prelude-ids.org/
* License : GPL
Description : Hybrid Intrusion Detection system
Prelude is a general-purpose hybrid intrusion detection system, written
entirely from scratch, in C. Right now, it handles all of the TCP/IP
stack over Ethernet. Prelude is divided into several parts:
* Prelude, the NIDS sensor, responsible for real-time packet
capture and analysis.
* The signature engine, designed to be completely generic and
extensible; it is currently able to read Snort rulesets. By
simply adding a parser, it should allow rulesets from any NIDS
to be loaded easily.
* The protocol plugins, which can handle packets at a higher
level than Prelude does, e.g. given a TCP packet, a protocol
plugin detects that the packet data contains an RPC header,
decodes the RPC header, and asks the associated detection
plugin to analyze the decoded header.
* A set of detection plugins whose job is to analyze the data
they are interested in (they register the protocols they are
interested in at startup time), and which will eventually generate
a security warning. Detection plugins should only be used for
complex intrusion detection that can't be done using the
signature engine.
* A report server, which sensors contact in order to report an
intrusion, and which generates user-readable reports using plugins.
* The reporting plugins, whose job is to decode the reports
issued by detection plugins and translate them into a
user-readable form (e.g. syslog report, HTML report, etc.).
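The signature engine described above loads Snort rulesets and is meant to take other formats by adding one parser per format. As an added illustration, written for this page and not part of Prelude, here is a minimal loader for one Snort-style rule line and a matcher run over constructed packet summaries. It assumes one-directional "->" rules, "any" or exact addresses (no CIDR), and only the msg and content options; the rule, addresses and payloads are constructed sample data.

```c
/* Added example, not Prelude code: loader for one Snort-style rule line plus a
 * matcher over constructed packet summaries. Assumptions: one-directional "->"
 * rules, "any" or exact addresses (no CIDR), only msg and content options. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct rule {
    char action[16], proto[8], src[64], sport[16], dst[64], dport[16];
    char msg[128];     /* msg:"..." option, reported on a match */
    char content[128]; /* content:"..." option, payload substring to look for */
};
/* Constructed packet summary, standing in for what the sensor hands the engine. */
struct pkt {
    const char *proto, *src, *dst, *payload;
    int sport, dport;
};
static void copy_bounded(char *dst, size_t n, const char *s, size_t len) {
    if (len >= n) len = n - 1;
    memcpy(dst, s, len);
    dst[len] = '\0';
}
/* Walk 'key:value; key:"quoted value"; flag;' and keep the options we use. */
static void parse_options(const char *p, struct rule *r) {
    while (*p && *p != ')') {
        while (isspace((unsigned char)*p)) p++;
        const char *key = p;
        while (*p && *p != ':' && *p != ';' && *p != ')') p++;
        size_t klen = (size_t)(p - key);
        const char *val = p, *vend = p;
        if (*p == ':') {
            val = ++p;
            while (*val == ' ') val++;
            if (*val == '"') {                     /* quoted value */
                val++;
                vend = strchr(val, '"');
                if (!vend) return;                 /* unterminated string: stop */
            } else {                               /* bare value up to ';' */
                vend = val;
                while (*vend && *vend != ';' && *vend != ')') vend++;
            }
        }
        if (klen == 3 && strncmp(key, "msg", 3) == 0)
            copy_bounded(r->msg, sizeof r->msg, val, (size_t)(vend - val));
        else if (klen == 7 && strncmp(key, "content", 7) == 0)
            copy_bounded(r->content, sizeof r->content, val, (size_t)(vend - val));
        p = vend;
        if (*p == '"') p++;
        while (*p && *p != ';' && *p != ')') p++;
        if (*p == ';') p++;
    }
}

/* Parse "action proto src sport -> dst dport (options)". Returns 1 on success. */
int parse_rule(const char *line, struct rule *r) {
    char dir[4]; int consumed = 0;
    memset(r, 0, sizeof *r);
    if (sscanf(line, "%15s %7s %63s %15s %3s %63s %15s (%n", r->action, r->proto,
               r->src, r->sport, dir, r->dst, r->dport, &consumed) != 7)
        return 0;
    if (strcmp(dir, "->") != 0 || consumed == 0)
        return 0;                     /* "<>" rules and a missing "(" are rejected */
    parse_options(line + consumed, r);
    return 1;
}
static int port_match(const char *spec, int port) {
    return strcmp(spec, "any") == 0 || atoi(spec) == port;
}
static int addr_match(const char *spec, const char *addr) {
    return strcmp(spec, "any") == 0 || strcmp(spec, addr) == 0;
}
/* Header fields first, then the payload substring if the rule has one. */
int rule_matches(const struct rule *r, const struct pkt *p) {
    return strcmp(r->proto, p->proto) == 0
        && addr_match(r->src, p->src) && addr_match(r->dst, p->dst)
        && port_match(r->sport, p->sport) && port_match(r->dport, p->dport)
        && (r->content[0] == '\0' || strstr(p->payload, r->content) != NULL);
}
/* One rule line against one packet: -1 if the rule does not parse, 1 match, 0 no match. */
int rule_line_matches(const char *line, const char *proto, const char *src, int sport,
                      const char *dst, int dport, const char *payload) {
    struct rule r;
    struct pkt p = { proto, src, dst, payload, sport, dport };
    if (!parse_rule(line, &r)) return -1;
    return rule_matches(&r, &p);
}

int main(void) {
    /* Constructed rule and traffic; addresses are RFC 5737 documentation space. */
    const char *rule = "alert tcp any any -> 192.0.2.10 80 "
        "(msg:\"constructed example: traversal sequence in request\"; content:\"/../\";)";
    const char *payloads[] = { "GET /img/../../etc/motd HTTP/1.0\r\n",
                               "GET /index.html HTTP/1.0\r\n" };
    for (int i = 0; i < 2; i++)
        printf("packet %d: %s\n", i + 1, rule_line_matches(rule, "tcp", "198.51.100.7",
               40123 + i, "192.0.2.10", 80, payloads[i]) == 1 ? "alert" : "no match");
    return 0;
}
```

Loading rulesets from another NIDS, as the description proposes, would mean adding a second parse_rule variant that fills the same struct rule, leaving rule_matches untouched.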
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux lise 2.4.17 #1 jeu jan 24 20:15:40 CET 2002 i686
Locale: LANG=fr_FR.ISO-8859-1, LC_CTYPE=fr_FR.ISO-8859-1
--
Thomas Seyrat.