Re: New Azwalaro project, is a French Open Source Nids project
- From: Stefano Zanero <s.zanero@xxxxxxxxxxxxxxxx>
- Date: Tue, 12 Sep 2006 15:04:27 +0200
rmkml wrote:
> This project is under development (pre alpha version) because not find
> on another nids open source product easy to extend,

Well, this is a pity, because working on Snort or Bro or Prelude would
have benefited the community a lot more than starting YARBIDS (Yet
Another Rule Based IDS)...

> and work with very good ethereal/wireshark dissector library !

Hint: I may be wrong, but that library is painfully slow for real-time
IDS purposes on real world networks.
Maybe Martin Roesch or another Snort/Sourcefire guy can correct me on
this...

> - fix uri content

What do you mean? If it's the example on your page, I'm sorry to say
that contextual rules for protocols are already in Snort and in almost
any good commercial product...

> - work with ssl session

You cannot, unless you disclose private keys to your IDS box. That's Not
Recommended (TM), but there's a lot of ways to do that.

> - search on mime attachment

Any IDS worth its cost can do that.

> - reduce false alert

That's the holy grail, you're welcome to join us in its search :)

Stefano