Re: fusion of results from heterogeneous sensors
- From: Jean-Philippe Luiggi <jp.luiggi@xxxxxxx>
- Date: Mon, 05 Jun 2006 09:30:52 -0400
Hello,
Considering the "anomaly based" IDS, I'm not sure a tool like this exists
in open source.
Another tool you may check besides "snort" is "bro" (http://bro-ids.org).
Using bro's language you can script your own policies and then,
with some tweaks, do and/or check what you want.
Best regards.
On Sat, May 20, 2006 at 09:37:54AM +0530, Raj Malhotra wrote:
Hi All
I am trying to set up a test network comprising heterogeneous
intrusion detectors. The idea is to use the diverse capabilities of
these detectors to arrive at a decision as to whether an intrusion
took place or not. I intend to use a signature based IDS (snort in
this case), an anomaly based network IDS (I don't know what to use
here), something which is very efficient in detecting scans (port
scans, OS fingerprint attempts) etc.
I would be thankful if folks can suggest freeware which can be used
for the above mentioned purpose.
Thanks in advance
ral