Re: Are there any other open sources IDS that not based on snort?

From: Alberto Gonzalez (albertg_at_cerveau.us)
Date: 02/23/04

    To: focus-ids@securityfocus.com
    Date: Mon, 23 Feb 2004 12:05:28 -0500
    
    

    Prelude [0] is not based on the snort architecture, but _can_ use snort
    as a sensor. Snippet from the Prelude website:

    -----

    "Prelude is an innovative Hybrid Intrusion Detection system designed to
    be very modular, distributed, rock solid and fast.

    Prelude takes benefits from the combination of traces of malicious
    activity from different sensors (snort, honeyd, nessus vulnerability
    scan, hogwash, samhain, systems logs, and others) in order to better
    qualify the attack and in the end to perform automatic correlation
    between the various traces.

    Prelude is committed to provide an IDS that offer the ability to unify
    the currently available tools into one, powerful, distributed
    application."

    -----

    You might want to also look into the Hogwash [1] Project. As of Devel
    0.5 it doesn't use the snort architecture anymore. Although the general
    direction of hogwash is as an inline packet scrubber used to identify
    and drop malicious packets. Hope this helps!

    Cheers,
    Albert Gonzalez

    [0] - http://www.prelude-ids.org
    [1] - http://hogwash.sourceforge.net

    -- 
    "Success comes to the person who does today, what you are thinking of
    doing tomorrow."
    On Mon, 2004-02-23 at 06:42, Chatprechakul Mr N wrote:
    > Hi all,
    >      I am doing a research on network security concentrating on correlation
    > of data from security products already in the network. I try to set up the
    > testbed network and run a few IDSes on this network. However, when I try to
    > find opensource IDS to run I would like different IDS to be different
    > enough so that they provide diversity in the network. But from what I am
    > trying to find most of the opensource is based on snort (forgive me if I am
    > wrong).
    >      So my question is if anyone knows other IDS either host based or network
    > based apart from snort? I have tried some websites that have lists of IDS
    > research, most of them do not exist as a product anymore (if they ever
    > existed).
    > 
    > Regards,
    > 
    > Nattapon Chatprechakul
    > Depart of Information System
    > RMCS, Cranfield University
    > Shrivenham, Swindon
    > SN6 8LA, UK