RE: Open Source IDS Solution?

From: McKinley, Jackson (Jackson.McKinley_at_team.telstra.com)
Date: 08/26/05

  • Next message: Joshua Wright: "Re: looking for wireless IDS whitepaper"
    Date: Fri, 26 Aug 2005 13:47:51 +1000
    To: <focus-ids@securityfocus.com>
    
    

     Personally I think snort is the best sensor ive seen, add that with the
    speed that. The difference I think is what you do with your alerts
    (Correlation technology).

    There are a number of "Open source" correlation engines out there. One
    that ive always liked was Open Aanval by remote assesment. They have
    started to sell it how but from memory there is still an open source /
    free limited version version. Its called Aaanval or something..
    www.aanval.com

    -----Original Message-----
    From: Persio Pucci [mailto:ppucci@multirede.com.br]
    Sent: Friday, 26 August 2005 3:58 AM
    To: focus-ids@securityfocus.com
    Subject: Open Source IDS Solution?

    Hello folks,

    I am working on a study to deploy some IDS over my company's network,
    and I would like to know what GOOD and RELIABLE Open Source IDS are out
    there. I could not find a comparative sheet of any kind (or at least,
    not a recent one) so I am asking you guys if you have any good ideas. I
    already know Snort. What are the other ones?

    Thank you for your help!

    - Persio

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------


  • Next message: Joshua Wright: "Re: looking for wireless IDS whitepaper"

    Relevant Pages

    • Re: newbie quetsions (on how much Snort sucks)
      ... or for the development effort that goes into Snort, ... Open source is a community effort, we rely on constructive criticism, ... >> The reality is that every IDS has evasion potentials and if you are ... I'm not that capable an attacker. ...
      (Focus-IDS)
    • Re: newbie quetsions (on how much Snort sucks)
      ... side effect of the way that we do "flushing" in the stream reassembler, ... You get out of IDS what you put into it. ... October on the mailing list that made no mention of Snort. ... >> getting into the open source spirit now!) ...
      (Focus-IDS)
    • Re: [Fwd: BUSINESS ANALYST/ CALIPER/ CONTRACT/ VA]
      ... You seem to think that Informix is important, and yet, I would need just ... If IBM dumps IDS into the public domain, ... but you have to think like Open Source people ...
      (comp.databases.informix)
    • Re: newbie quetsions
      ... Although, keep in mind, Snort completely fails the CRI test, and does ... Do I need IDS? ... >CORE IMPACT. ... >Find out quickly and easily by testing it with real-world attacks from ...
      (Focus-IDS)
    • RE: Legal problem - IDS - Commercial Vs Open Source.
      ... ALL SOFTWARE, Including Free, GNU, commercial, Open Source and all have NO WARRANTIES liscencies except some very rare and special cases. ... Legal problem - IDS - Commercial Vs Open Source. ... If we have a breaking and are using a commercial IDS product ... Can you sue ...
      (Security-Basics)