Project Announcement: Crusoe CIDS (started at the beginning of 2003)

From: crusoe ids (
Date: 11/16/03

    Date: Sun, 16 Nov 2003 17:26:48 +0100 (CET)

    Crusoe CIDS is a project of detection of network

    This project started from a need I had at the
    time I was operating such tools.

    This project is meant to:

     - simplify day-to-day work

     - create, analyse and use new models of network
    intrusion detection

    What the project does not do:

     - no modification of firewall rules

     - no blocking of network traffic (IPS)

     - no host IDS (H-IDS)

    The ideas / projects that led to the creation of Crusoe
    CIDS:

     - the sniffer / analyzer SHADOW CIDER

     - tcpdump

     - snort

     - syslog_ng / logsurfer / swatch

    Platform available:

     - FreeBSD 4.[8-9], secured

    Current shortcomings of the project:

     - storage / processing performance

     - slow evolution of the project

    Tools used :

     - snort / prelude / firestorm

     - tcpdump / tethereal / argus / tcptrace

     - mysql / rrd

     - apache / perl / openssl

     - p0f / ettercap

     - net-snmp

     - honeyd

    Tools to be developed within the framework of Crusoe
    CIDS:

     - CrusoeDump

     - LogScan

     - ScanDetect

     - Dispatcher

     - Agent

     - modify / adapt all of the already existing tools

    Goals of this project:

     - record all network traffic (IPv4)

     - receive information / alarms from the nIDS (and, in the
    longer term, support the already existing nIDS)

     - verify that information against the recorded traffic

     - perform forensics on all the information

     - update intrusion detection using:
       network statistics (ntop)
       existing information of the

     - support output of data to

     - support input of data from CVE

    This project is not about redeveloping existing tools;
    on the contrary, the goal is to use what already exists
    and to process current alarms automatically,
    so that new attacks can be sought quickly.

     It has not yet been decided what will be free and what will not.




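The announcement's central design step, verifying an nIDS alarm against the recorded traffic, is illustrated below with an added example. It is not code from Crusoe CIDS or the author; it assumes alerts in Snort's alert_fast line format, assumes the year (alert_fast lines carry none), and works on a constructed packet list standing in for records extracted from the tcpdump archive. The correlator looks up each alert's 5-tuple (in either direction) within a time window and reports whether any recorded packets support it.

```python
import re
from datetime import datetime, timedelta

# Snort alert_fast line, e.g.
# "11/16-17:26:48.123456  [**] [1:1000001:1] msg [**] [Priority: 2] {TCP} a:p -> b:q"
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<sid>[^\]]+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

YEAR = 2003  # assumption: alert_fast timestamps have no year field


def _to_dt(stamp):
    """Turn a 'MM/DD-HH:MM:SS.ffffff' stamp into a datetime (year assumed)."""
    return datetime.strptime(f"{YEAR}/{stamp}", "%Y/%m/%d-%H:%M:%S.%f")


def parse_fast_alert(line):
    """Parse one alert_fast line; return None for lines that do not match."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    return {
        "ts": _to_dt(m["ts"]),
        "sid": m["sid"],
        "msg": m["msg"],
        "proto": m["proto"],
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
    }


# Constructed alerts for this example (not real sensor output).
ALERTS = [
    "11/16-17:26:48.123456  [**] [1:1000001:1] CONSTRUCTED web probe [**] "
    "[Priority: 2] {TCP} 10.0.0.5:44321 -> 192.168.1.10:80",
    "# comment line that the parser must skip",
    "11/16-17:30:00.000000  [**] [1:1000002:1] CONSTRUCTED ssh probe [**] "
    "[Priority: 1] {TCP} 10.0.0.7:51000 -> 192.168.1.10:22",
]

# Constructed packet records standing in for what tcpdump extracted from the
# recorded traffic: (timestamp, proto, src, sport, dst, dport, payload_len).
RECORDED = [
    ("11/16-17:26:47.900000", "TCP", "10.0.0.5", 44321, "192.168.1.10", 80, 0),
    ("11/16-17:26:47.901000", "TCP", "192.168.1.10", 80, "10.0.0.5", 44321, 0),
    ("11/16-17:26:48.123000", "TCP", "10.0.0.5", 44321, "192.168.1.10", 80, 312),
    ("11/16-17:26:50.000000", "UDP", "10.0.0.9", 5353, "224.0.0.251", 5353, 80),
]


def correlate(alert_lines, packets, window_s=2.0):
    """For each parseable alert, count recorded packets on the same 5-tuple
    (either direction) within +/- window_s seconds of the alert time."""
    window = timedelta(seconds=window_s)
    results = []
    for line in alert_lines:
        alert = parse_fast_alert(line)
        if alert is None:
            continue
        fwd = (alert["proto"], alert["src"], alert["sport"], alert["dst"], alert["dport"])
        rev = (alert["proto"], alert["dst"], alert["dport"], alert["src"], alert["sport"])
        hits = [
            (stamp, plen)
            for stamp, proto, src, sport, dst, dport, plen in packets
            if (proto, src, sport, dst, dport) in (fwd, rev)
            and abs(_to_dt(stamp) - alert["ts"]) <= window
        ]
        results.append({
            "sid": alert["sid"],
            "msg": alert["msg"],
            "packets": len(hits),
            "verdict": "supported" if hits else "no recorded traffic",
        })
    return results


if __name__ == "__main__":
    for r in correlate(ALERTS, RECORDED):
        print(f"{r['sid']:<12} {r['packets']:>2} pkt(s)  {r['verdict']}  ({r['msg']})")
```

An alert with no matching packets in the archive is the interesting case for the analyst: either the sensor saw traffic the recorder missed (a capture gap to investigate) or the alert is spurious. Widen `window_s` for alerts raised on reassembled streams, where the sensor's timestamp may trail the first packet by more than a couple of seconds.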