Project Announcement: Crusoe CIDS (started at the beginning of 2003)

From: crusoe ids (crusoecids_at_yahoo.fr)
Date: 11/16/03

    Date: Sun, 16 Nov 2003 17:26:48 +0100 (CET)
    To: focus-ids@securityfocus.com
    
    

    Crusoe CIDS is a network intrusion detection
    project.

    This project started from a need that I had at the
    time of operating the tools.

    This project must make it possible:

     - to simplify regular work

     - to create, analyse and use new models of network
    intrusion detection

    What the project does not do:

     - no modification of fw rules

     - no blocking of network traffic (IPS)

     - no h-ids

    The ideas / projects that led to the creation of Crusoe
    CIDS:

     - the sniffer / analyzer SHADOW CIDER

     - tcpdump

     - snort

     - syslog_ng / logsurfer / swatch

    Platform available:

     - FreeBSD v4.[8-9] secured

    Current defects of the project:

     - Storage/processing performance

     - slow evolution of the project

    Tools used :

     - snort / prelude / firestorm

     - tcpdump / tethereal / argus / tcptrace

     - mysql / rrd

     - apache / perl / openssl

     - p0f / ettercap

     - net-snmp

     - honeyd

    Tools to develop within the framework of the Crusoe
    CIDS :

     - CrusoeDump

     - LogScan

     - ScanDetect

     - Dispatcher

     - Agent

     - modify / adapt all of the already existing
    tools

    Goal of this project:

     to record all the network traffic (IPv4)
     to receive information / alarms from the nIDS (and to
    support, in the long term, the already existing nIDS)
     to verify information against the recorded traffic
     forensics on all information
     to update the intrusion detection with:
      network stats (ntop)
      existing information from the
    fw/honeypots/routers/switches
     support for data output to http://www.incidents.org
     support for data input from CVE

    This project is not meant to redevelop existing tools;
    on the contrary, the goal is to use the existing
    information/tools,
    to process current alarms automatically,
    and to allow new attacks to be found quickly.

     It is not yet decided what will be free or not.

    Regards.

    crusoecids@yahoo.fr
    http://crusoecids.dyndns.org
