Yes, it's an IDS I am looking for because I need an alarm when somebody
is doing what he/she is not supposed to do to a set of machines.
The thing with Honeynet is that they just sit there and hope somebody
will hack it.
But thanks, I have started the work on Snort and will develop a
understanding for the protocol!
Michael Loftis wrote:
--On April 10, 2006 10:39:18 AM +0200 Lezgin Bakircioglu
<[EMAIL PROTECTED]> wrote:
Greetings to everybody in the security scene.
I have a question around the area IDS.
I am in a difficult situation, I need an IDS that shall support a
non-well-known protocol, is there any tip on any good IDS that is easy to
dev an understanding for this protocol?
I'm not sure what you're asking entirely but if I read your question
right I think you want an IDS at all, you just want a packet sniffer,
like ethereal/tethereal or even tcpdump so you can develop an
understanding of what's going over the wire with the protocol you're
looking at? If you aim to create signatures/etc to trigger alarms or
log entries then IDS *might* sort of be what you're looking for.
If it really is IDS (Intrusion Detection System) you're looking for it
depends on what type/level of IDS. A popular approach is to use a
packet sniffing based IDS such as Snort, another approach is to setup
honeypots using say honeyd/honeynet.
SNORT's site has lots of good guides on how to set it up.
Any good docs/howto or guides?
I have looked a little into Snort and my thought is to use that, a
little complicated doc in this area but should be possible..
Any good community tips?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
--
Michael Loftis
Modwest Operations Manager
Powerful, Affordable Web Hosting
--
MVH
Lezgin Bakircioglu