Shadow IDS 2.0

From: Guy Bruneau (seeker@whitehats.ca)
Date: 07/16/02

Previous message: roy lo: "Re: high-speed NIDS (>1.7GBit/sec traffic) required."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Guy Bruneau <seeker@whitehats.ca>
To: focus-ids@securityfocus.com, ids@uow.edu.au, snort-users@lists.sourceforge.net
Date: Tue, 16 Jul 2002 05:06:42 -0400

This is to announce the release of Shadow IDS version 2.0.

This package is released under the GNU software.

Here are some of the features of Shadow IDS 2.0:

- Hardened OS based on Slackware 8.1
- Linux kernel 2.4.18
- Trimmed down OS (~115 MB) and automatically runs the Shadow software after
   installation
- Minimal user installation and configuration
- Has no compiler and Open SSH is the only external service
- Can only be access via Open SSH (deny all access by default)
- Can search the sensor logs with a multi-day Perl script without the aid of
   an Analyzer. More information on how to use this new feature is available
   on the Shadow IDS installation ***.
- Separate packages are now on the CD to convert the sensor to two NIC. The
   files are located in /files/2NICsensor. Follow the instructions on the
   installation ***.
- See the release note directory for the install instructions
- Can be used to run Snort IDS (see below for separate setup)
- A FAQ is located on the CD in the release note directory

The complete installation process is located at:
http://www.whitehats.ca/main/members/Seeker/seeker_shadow_IDS/seeker_shadow_ids.html

The ISO can be dowloaded at:
http://www.whitehats.ca/downloads/ids/shadow-slack/shadow.iso

The MD5 signature for the Shadow ISO image is located at:
http://www.whitehats.ca/download/ids/shadow-slack/shadow.md5

Snort

The complete Snort IDS installation process is located at:
http://www.whitehats.ca/main/members/Seeker/seeker_snort_ids/seeker_snort_ids.html

A pre-compiled version of Snort is available at:
http://www.whitehats.ca/downloads/ids/snort.tgz

The MD5 signature for the pre-compiled Snort package is available at:
http://www.whitehats.ca/downloads/ids/snort.md5

References:

More on Shadow IDS at: http://www.nswc.navy.mil/ISSEC/CID/
More on Snort at: http://www.snort.org

----------------------
Guy Bruneau, GSEC, GCIA GCUX

Previous message: roy lo: "Re: high-speed NIDS (>1.7GBit/sec traffic) required."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]