RE: HIDS - new technologies ?
From: Daniel Polombo (polombo@cartel-securite.fr)
Date: 07/11/02
From: Daniel Polombo <polombo@cartel-securite.fr>
To: Brennen Reynolds <bereynolds@ucdavis.edu>
Date: 11 Jul 2002 11:08:43 +0200

On Thu 11/07/2002 at 06:16, Brennen Reynolds wrote:
> Kunal,
>
> While it is not a commercial IDS by any means, systrace
> (http://www.citi.umich.edu/u/provos/systrace/) by Niels Provos does what you
> are describing. A profile is created of acceptable system calls and if an
> anomaly is detected an appropriate action is taken. I believe he has
> implemented it on several BSD platforms and is currently porting it to
> Linux.
IIRC it's now included in both OpenBSD and NetBSD. The Linux port is
done by Marius A. Eriksen, and while there's no official ETA, it's
supposed to be almost done.
-- Daniel