Shadow IDS on basic kernel
From: Jamie French (J.French@ottawa.com)
From: Jamie French <J.French@ottawa.com>
Date: Tue, 31 Jul 2001 12:20:49 GMT
Message-ID: <email@example.com>
Subject: Shadow IDS on basic kernel
To: root <firstname.lastname@example.org>, FOCUS-IDS@securityfocus.com
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 31/07/2001, 2:19:29 AM, root <email@example.com> wrote regarding Re: Snort + (OpenBSD or Linux):
Not a bad idea. Would offer some potential performance gains over locking down a current dist of xNIX. On the other hand, how often does CPU/mem usage spike on your current setup?

Guy Bruneau has packaged up Shadow IDS on Slackware and has made it available on www.whitehats.ca for distribution (sensor only). Dist is ~45MB including the OS prior to install.

Guy is going to upload a newer ver. in the next few days, so I recommend anyone interested in looking at it check back by the end of the week.

Hope this is useful.
> why not write an OS with the only purpose to run an IDS.
> We could use the oskit libs (http://www.cs.utah.edu/projects/flux/oskit/)
> to implement the basic os functions and port the libpcap to our new "os"
> and write the code for the IDS.
> After that we only have a running kernel and a few processes - could be
> very performant I think.
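The quoted proposal stops at "write the code for the IDS". As an added illustration, not code from this post, from Shadow, or from Snort, the block below shows the minimal packet path such a purpose-built sensor still needs once libpcap hands it raw frames: walking pcap records, decoding Ethernet/IPv4/TCP with bounds checks, and matching a Snort-style content rule. The pcap bytes, addresses, rule text and SID are all constructed for the example.

```python
import struct

# Added example (not from the original post): the smallest useful sensor core.
# All packet data, addresses and the rule below are constructed for illustration.

LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_sample_pcap():
    """Build a one-packet pcap file in memory (constructed sample data)."""
    payload = b"HELLO SENSOR-TEST"
    # TCP: sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip_len = 20 + len(tcp) + len(payload)
    # IPv4: ver/ihl, tos, total length, id, flags/frag, ttl, proto, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 1, 0, 64, IPPROTO_TCP, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 80]))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") \
        + struct.pack("!H", ETHERTYPE_IPV4)
    frame = eth + ip + tcp + payload
    # pcap global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    # record header: ts_sec (constructed: 31 Jul 2001 12:20:49 GMT), ts_usec, incl_len, orig_len
    rec_hdr = struct.pack("<IIII", 996582049, 0, len(frame), len(frame))
    return global_hdr + rec_hdr + frame


def iter_pcap_records(data):
    """Yield (timestamp, frame_bytes) for each record; stops cleanly on truncation."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a pcap file")
    linktype = struct.unpack_from(endian + "HHiIII", data, 4)[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record: do not read past the buffer
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def decode_frame(frame):
    """Decode Ethernet/IPv4/TCP; return None for anything malformed or unsupported."""
    if len(frame) < 14:
        return None
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len, = struct.unpack_from("!H", ip, 2)
    if ihl < 20 or ihl > total_len or total_len > len(ip):
        return None  # header/length fields disagree with the bytes we actually have
    pkt = {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
           "proto": ip[9], "payload": b""}
    if ip[9] == IPPROTO_TCP:
        tcp = ip[ihl:total_len]
        if len(tcp) < 20:
            return None
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        doff = (tcp[12] >> 4) * 4
        if doff < 20 or doff > len(tcp):
            return None
        pkt.update(sport=sport, dport=dport, payload=tcp[doff:])
    return pkt


# Constructed rule in the spirit of a Snort content rule; the SID is made up.
RULES = [
    {"sid": 1000001, "proto": IPPROTO_TCP, "dport": 80, "content": b"SENSOR-TEST",
     "msg": "constructed test string seen on port 80"},
]


def match_rules(pkt, rules=RULES):
    """Return (sid, msg, src, dst) for every rule whose proto/port/content match."""
    alerts = []
    for r in rules:
        if pkt["proto"] != r["proto"]:
            continue
        if r.get("dport") is not None and pkt.get("dport") != r["dport"]:
            continue
        if r["content"] not in pkt["payload"]:
            continue
        alerts.append((r["sid"], r["msg"], pkt["src"], pkt["dst"]))
    return alerts


def scan_pcap(data, rules=RULES):
    """Run every decodable record in a pcap buffer through the rule set."""
    alerts = []
    for _ts, frame in iter_pcap_records(data):
        pkt = decode_frame(frame)
        if pkt is not None:
            alerts.extend(match_rules(pkt, rules))
    return alerts


if __name__ == "__main__":
    for alert in scan_pcap(build_sample_pcap()):
        print("[%d] %s %s -> %s" % alert)
```

The bounds checks in `decode_frame` are the part a stripped-down sensor cannot skip: on a purpose-built kernel there is no surrounding OS to contain a decoder that trusts the IHL or data-offset fields, so every length read from the wire is checked against the bytes actually captured before it is used.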