[41409] in North American Network Operators' Group
Re: IDS Software
daemon@ATHENA.MIT.EDU (Bill Larson)
Fri Sep 7 22:25:26 2001
Message-ID: <003401c1380d$763faf60$2223f8d8@compu.net>
From: "Bill Larson" <blarson@compu.net>
To: "Leo Bicknell" <bicknell@ufp.org>, <nanog@merit.edu>
Date: Fri, 7 Sep 2001 21:24:55 -0500
Simple question, simple answer :) http://www.snort.org/
Snort - The Open Source Network Intrusion Detection System
----- Original Message -----
From: "Leo Bicknell" <bicknell@ufp.org>
To: <nanog@merit.edu>
Sent: Friday, September 07, 2001 9:26 PM
Subject: IDS Software
>
>
> I'm starting a project for which I would like some quality IDS
> software. IMHO this opens up a whole can of worms, and will probably
> start a great discussion, but that's probably good on the whole.
>
> First, the requirements. The IDS system must be:
>
> * Free
>
> * Run on FreeBSD, and/or maybe Linux.
>
> * Allow both 'router' detection (where the host acts as a router)
> and 'passive' (where the host is simply a sniffer on a LAN).
>
> * Have a reasonable configuration system to allow common false-positives
> to be suppressed.
>
> At this point I know almost nothing about IDS systems, other than
> that several companies make such products and charge huge fees for
> them, and that there are a number of open-source products that have
> no confirmed reputations.
>
> Replies to the list are ok, as are private replies. Assuming I get
> something good I will summarize private replies to the list.
>
> --
> Leo Bicknell - bicknell@ufp.org
> Systems Engineer - Internetworking Engineer - CCIE 3440
> Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org