Shadow IDS on basic kernel

From: Jamie French (J.French@ottawa.com)
Date: 07/31/01


From: Jamie French <J.French@ottawa.com>
Date: Tue, 31 Jul 2001 12:20:49 GMT
Message-ID: <20010731.12204975@mis.configured.host>
Subject: Shadow IDS on basic kernel
To: root <root@elxsi.de>, FOCUS-IDS@securityfocus.com


>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 31/07/2001, 2:19:29 AM, root <root@elxsi.de> wrote regarding Re: Snort + (OpenBSD or Linux):

Not a bad idea. Would offer some potential performance gains over locking
down a current dist of xNIX. On the other hand, how often does cpu/mem
usage spike on your current setup?

Guy Bruneau has packaged up Shadow IDS on Slackware and has made it
available on www.whitehats.ca for distribution (sensor only). Dist is
~45MB including the OS prior to install.

Guy is going to upload a newer ver. in the next few days so I recommend
anyone interested in looking at it check back by the end of the week.

Hope this is useful.

Regards,
Jamie French
Whitehats.ca

> Hi,
> why not write an OS with the only purpose to run an IDS.
> We could use the oskit libs (http://www.cs.utah.edu/projects/flux/oskit/)
> to implement the basic os functions and port the libpcap to our new "os"
> and write the code for the IDS.

> After that we only have a running kernel and a few processes - could be
> very performant I think.

> Martin