Project Announce : Crusoe CIDS (Started at the beginning 2003)
From: crusoe ids (crusoecids_at_yahoo.fr)
Date: 11/16/03
Date: Sun, 16 Nov 2003 17:26:48 +0100 (CET)
To: focus-ids@securityfocus.com
Crusoe CIDS is a network intrusion detection project.
This project started from a need that I had while operating such a tool.
This project must allow:
- simplifying regular work
- creating, analysing and using new models of network intrusion detection
What the project does not do:
- no modification of fw rules
- no blocking of network traffic (IPS)
- no h-ids
The ideas / projects that led to the creation of Crusoe CIDS:
- the sniffer / analyzer SHADOW CIDER
- tcpdump
- snort
- syslog_ng / logsurfer / swatch
Platform available:
- FreeBSD v4.[8-9] secured
Current defects of the project:
- Storage/processing performance
- slow evolution of the project
Tools used :
- snort / prelude / firestorm
- tcpdump / tethereal / argus / tcptrace
- mysql / rrd
- apache / perl / openssl
- p0f / ettercap
- net-snmp
- honeyd
Tools to develop within the framework of Crusoe CIDS:
- CrusoeDump
- LogScan
- ScanDetect
- Dispatcher
- Agent
- modify / adapt all of the already existing tools
Goal of this project:
- to record all network traffic (IPv4)
- to receive information / alarms from the nIDS (and eventually to support the already existing nIDS)
- to verify information against the recorded traffic
- forensics on all information
- to update the intrusion detection while:
  - network stats (ntop)
  - existing information from the fw/honeypots/routers/switches
- to support data output to http://www.incidents.org
- to support data input from CVE
This project is not meant to develop existing tools;
on the contrary, the goal is to use the existing information/tools,
to process current alarms automatically,
and to allow new attacks to be found quickly.
It has not yet been decided what will be free or not.
Regards.
crusoecids@yahoo.fr
http://crusoecids.dyndns.org