retitle 111462 ITP: prelude -- Hybrid Intrusion Detection System
thanks

Followup-For: Bug #111462
Package: wnpp
Version: N/A; reported 2002-01-29
Severity: wishlist
* Package name    : prelude
  Version         : 0.4.2
  Upstream Author : Yoann Vandoorselaere <[EMAIL PROTECTED]>
* URL             : http://www.prelude-ids.org/
* License         : GPL
  Description     : Hybrid Intrusion Detection system

Prelude is a general-purpose hybrid intrusion detection system, written entirely from scratch in C. Right now it handles all of the TCP/IP stack over Ethernet.

Prelude is divided into several parts:

 * Prelude, the NIDS sensor, responsible for real-time packet capture and analysis.
 * The signature engine, designed to be completely generic and evolutive; it is currently able to read Snort rulesets. By simply adding a parser, it should permit loading rulesets from any NIDS easily.
 * The protocol plugins, which can handle packets at a higher level than Prelude does, i.e. you get a TCP packet, and a protocol plugin detects that the packet data contains an RPC header, so it will decode the RPC header and ask the associated detection plugin to analyze the decoded header.
 * A set of detection plugins whose job is to analyze the data they are interested in (they register the protocol they are interested in at startup time), and which will eventually generate a security warning. Detection plugins should only be used for complex intrusion detection that can't be done using the signature engine.
 * A report server, which sensors contact in order to report an intrusion, and which generates user-readable reports using plugins.
 * The reporting plugins, whose job is to decode the reports issued by detection plugins and translate them into a user-readable form (e.g. syslog report, HTML report, etc.).

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux lise 2.4.17 #1 jeu jan 24 20:15:40 CET 2002 i686
Locale: LANG=fr_FR.ISO-8859-1, LC_CTYPE=fr_FR.ISO-8859-1

-- Thomas Seyrat.
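An added example (not Prelude's code, and not part of this report) of the path the description sketches: a signature engine loading Snort-style rules and matching them against an already decoded packet, followed by a syslog-style reporting step. The two-rule ruleset, the supported rule subset and the sample payloads are constructed assumptions.

```python
import re
from dataclasses import dataclass
# Constructed two-rule ruleset in Snort 1.x syntax; assumes the minimal subset
# "action proto src sport -> dst dport (msg; content; sid)" with no ';' inside values.
RULES = [
    'alert tcp any any -> any 111 (msg:"RPC portmap request"; content:"|00 01 86 A0|"; sid:1000001;)',
    'alert tcp any any -> any 80 (msg:"WEB-CGI phf access"; content:"/cgi-bin/phf"; sid:1000002;)',
]

@dataclass
class Rule:
    action: str
    proto: str
    dport: str      # "any" or a decimal port, as written in the rule
    msg: str
    content: bytes  # decoded byte pattern searched for in the payload
    sid: str

def parse_content(text):
    # Snort content syntax: literal text outside |...|, hex bytes inside.
    out = b""
    for i, part in enumerate(text.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return out

HEADER = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")
def parse_rule(line):
    m = HEADER.match(line)
    if not m:
        raise ValueError("unparsable rule: " + line)
    action, proto, _src, _sport, _dst, dport, opts = m.groups()
    kv = {}
    for opt in (o.strip() for o in opts.split(";")):
        if opt:
            key, _, val = opt.partition(":")
            kv[key.strip()] = val.strip().strip('"')
    return Rule(action, proto, dport, kv.get("msg", ""),
                parse_content(kv.get("content", "")), kv.get("sid", ""))
RULESET = [parse_rule(r) for r in RULES]

def match(rules, proto, dport, payload):
    # Signature-engine step: first rule hit on an already decoded packet, else None.
    for r in rules:
        if r.proto == proto and r.dport in ("any", str(dport)) and r.content in payload:
            return {"sid": r.sid, "msg": r.msg, "dport": dport}
    return None
def syslog_line(report):
    # Reporting-plugin step: render one alert as a single syslog-style line.
    return f"prelude[sid {report['sid']}]: {report['msg']} (dport {report['dport']})"
```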