Shadow IDS on basic kernel

From: Jamie French <>
Date: Tue, 31 Jul 2001 12:20:49 GMT
Message-ID: <>
Subject: Shadow IDS on basic kernel
To: root <>,

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 31/07/2001, 2:19:29 AM, root <> wrote regarding Re: Snort +
(OpenBSD or Linux):

Not a bad idea. Would offer some potential performance gains over locking
down a current dist of xNIX. On the other hand, how often does cpu/mem
usage spike on your current setup?

Guy Bruneau has packaged up Shadow IDS on Slackware and has made it
available on for distribution (sensor only). Dist is
~45MB including the OS prior to install.

Guy is going to upload a newer ver. in the next few days so I recommend
anyone interested in looking at it check back by the end of the week.

Hope this is useful.

Jamie French

> Hi,
> Why not write an OS with the only purpose to run an IDS?
> We could use the oskit libs (
> to implement the basic os functions and port the libpcap to our new "os"
> and write the code for the IDS.

> After that we only have a running kernel and a few processes - could be
> very performant I think.

> Martin