Developing IDS

From: Peteris Krumins (newsgroups@lf.lv)
Date: 04/10/03

  • Next message: Luke Leboeuf: "RE: ISS and Snort logs"
    Date: Thu, 10 Apr 2003 22:04:29 +0300
    From: Peteris Krumins <newsgroups@lf.lv>
    To: focus-ids@securityfocus.com
    
    

    Hello people,

     I am developing an ids system and i'd like to hear you opinions what
     is a _must_ for an ids system and what are great features to add?

     I am joining a fw and an IDS system together. Currently the system is
     able to detect any bad (invalid packets, reserved ips etc. - dropped
     immediately) and suspicious (for example, late night logins, multiple
     tries to login etc. - logged to database and if user has chosen, sends sms
     or email) traffic.
     
     Currently the system is being developed so that anything bad is
     logged to a database. Later anyone using my IDS can see very detalized
     statistics.

    Best regards,
    P.Krumins

    -----------------------------------------------------------
    ALERT: Exploiting Web Applications- A Step-by-Step Attack Analysis
    Learn why 70% of today's successful hacks involve Web Application
    attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter
    Manipulation.
    http://www.spidynamics.com/mktg/webappsecurity71


  • Next message: Luke Leboeuf: "RE: ISS and Snort logs"