[41408] in North American Network Operators' Group


IDS Software

daemon@ATHENA.MIT.EDU (Leo Bicknell)
Fri Sep 7 22:21:14 2001

Date: Fri, 7 Sep 2001 22:26:14 -0400
From: Leo Bicknell <bicknell@ufp.org>
To: nanog@merit.edu
Message-ID: <20010907222614.A73452@ussenterprise.ufp.org>
Mail-Followup-To: Leo Bicknell <bicknell@ussenterprise.ufp.org>,
	nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Errors-To: owner-nanog-outgoing@merit.edu



I'm starting a project for which I would like some quality IDS
software.  IMHO this opens up a whole can of worms, and will probably
start a great discussion, but that's probably good on the whole.

First, the requirements.  The IDS system must be:

* Free

* Run on FreeBSD, and/or maybe Linux.

* Allow both 'router' detection (where the host acts as a router)
  and 'passive' (where the host is simply a sniffer on a lan).

* Have a reasonable configuration system to allow common false-positives
  to be suppressed.

At this point I know almost nothing about IDS systems, other than
that several companies make such products and charge huge fees for
them, and that there are a number of open-source products that have
no confirmed reputations.

Replies to the list are ok, as are private replies.  Assuming I get
something good I will summarize private replies to the list.

-- 
Leo Bicknell - bicknell@ufp.org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
