I'm starting a project for which I would like some quality IDS software. IMHO this opens up a whole can of worms, and will probably start a great discussion, but that's probably good on the whole.

First, the requirements. The IDS system must be:

* Free
* Run on FreeBSD, and/or maybe Linux.
* Allow both 'router' detection (where the host acts as a router) and 'passive' (where the host is simply a sniffer on a LAN).
* Have a reasonable configuration system to allow common false positives to be suppressed.

At this point I know almost nothing about IDS systems, other than that several companies make such products and charge huge fees for them, and that there are a number of open-source products that have no confirmed reputations.

Replies to the list are ok, as are private replies. Assuming I get something good I will summarize private replies to the list.

-- 
Leo Bicknell - bicknell@ufp.org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
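The fourth requirement above, a configuration system that lets common false positives be suppressed, is the kind of tuning that a signature IDS has to expose per signature and per source, not just as a global on/off switch; in Snort 2.x this is what the `suppress` and `threshold`/`event_filter` directives do. The following is an added example, not code from the thread, from Leo Bicknell, or from Snort: a toy passive sensor in Python that matches byte-pattern signatures against constructed sample packets and applies two tuning knobs, a per-source suppression entry for one signature and a limit-style threshold that caps how often a signature may alert per source in a sliding window. The signature IDs (1000001, 1000002), the RFC 5737 addresses, the payloads and the "internal SNMP poller" at 192.0.2.5 are all constructed for illustration.

```python
"""Toy passive signature IDS with per-source suppression and limit-style thresholding.

Added example; not from the mailing-list thread and not Snort's own code.
All traffic below is constructed sample data, not a real capture.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    ts: float         # seconds since start of the (constructed) capture
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Signature:
    sid: int
    msg: str
    dport: Optional[int]   # None matches any destination port
    content: bytes         # byte pattern that must appear in the payload


@dataclass
class Suppress:
    """Never alert on this sid for this source (Snort-style 'suppress')."""
    sid: int
    src: str


@dataclass
class Threshold:
    """At most `count` alerts per (sid, src) within `seconds` (Snort-style 'limit')."""
    sid: int
    count: int
    seconds: float


Alert = Tuple[float, int, str, str, str]   # (ts, sid, msg, src, dst)


class Sensor:
    def __init__(self, sigs, suppress=(), thresholds=()):
        self.sigs = list(sigs)
        self.suppress = {(s.sid, s.src) for s in suppress}
        self.thresholds = {t.sid: t for t in thresholds}
        self._hits = defaultdict(list)      # (sid, src) -> timestamps of alerts fired
        self.alerts: List[Alert] = []
        self.dropped = defaultdict(int)     # reason -> count, so tuning stays auditable

    @staticmethod
    def _match(sig: Signature, pkt: Packet) -> bool:
        if sig.dport is not None and pkt.dport != sig.dport:
            return False
        return sig.content in pkt.payload

    def _allowed(self, sid: int, src: str, ts: float) -> bool:
        if (sid, src) in self.suppress:
            self.dropped["suppress"] += 1
            return False
        thr = self.thresholds.get(sid)
        if thr is None:
            return True
        key = (sid, src)
        # Keep only alerts still inside the sliding window, then apply the limit.
        self._hits[key] = [t for t in self._hits[key] if ts - t < thr.seconds]
        if len(self._hits[key]) >= thr.count:
            self.dropped["threshold"] += 1
            return False
        self._hits[key].append(ts)
        return True

    def process(self, pkt: Packet) -> None:
        for sig in self.sigs:
            if self._match(sig, pkt) and self._allowed(sig.sid, pkt.src, pkt.ts):
                self.alerts.append((pkt.ts, sig.sid, sig.msg, pkt.src, pkt.dst))


def build_sensor() -> Sensor:
    sigs = [
        Signature(1000001, "WEB-IIS cmd.exe access", 80, b"cmd.exe"),
        Signature(1000002, "SNMP public community string", 161, b"public"),
    ]
    return Sensor(
        sigs,
        # Hypothetical internal SNMP poller that legitimately trips sid 1000002.
        suppress=[Suppress(1000002, "192.0.2.5")],
        # One cmd.exe alert per source per minute is enough to know a scan is on.
        thresholds=[Threshold(1000001, count=1, seconds=60)],
    )


# Constructed sample traffic. The SNMP payloads are a simplified v1 header, not full valid PDUs.
SAMPLE_TRAFFIC = [
    Packet(0.0, "203.0.113.9", "192.0.2.10", 80, b"GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n"),
    Packet(1.0, "203.0.113.9", "192.0.2.10", 80, b"GET /msadc/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n"),
    Packet(2.0, "203.0.113.9", "192.0.2.10", 80, b"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n"),
    Packet(5.0, "192.0.2.5", "192.0.2.20", 161, b"\x30\x1a\x02\x01\x00\x04\x06public\xa0\x0d"),
    Packet(6.0, "203.0.113.9", "192.0.2.20", 161, b"\x30\x1a\x02\x01\x00\x04\x06public\xa0\x0d"),
    Packet(8.0, "198.51.100.7", "192.0.2.10", 80, b"GET /index.html HTTP/1.0\r\n"),
    Packet(70.0, "203.0.113.9", "192.0.2.10", 80, b"GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n"),
]


def run_demo() -> Sensor:
    sensor = build_sensor()
    for pkt in SAMPLE_TRAFFIC:
        sensor.process(pkt)
    return sensor


if __name__ == "__main__":
    s = run_demo()
    for ts, sid, msg, src, dst in s.alerts:
        print(f"[{ts:6.1f}] [1:{sid}] {msg} {src} -> {dst}")
    print("dropped:", dict(s.dropped))
```

Run as written, the scanner at 203.0.113.9 produces one cmd.exe alert at t=0, its two follow-up probes are dropped by the threshold, and it alerts again at t=70 once the 60-second window has passed; the poller at 192.0.2.5 is silenced for the SNMP signature while the same probe from the external address still alerts. Keeping the dropped counts visible matters in practice: a suppression entry that silently eats thousands of events is itself something to review.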
Simple question, simple answer :)

http://www.snort.org/
Snort - The Open Source Network Intrusion Detection System

----- Original Message -----
From: "Leo Bicknell" <bicknell@ufp.org>
To: <nanog@merit.edu>
Sent: Friday, September 07, 2001 9:26 PM
Subject: IDS Software
> I'm starting a project for which I would like some quality IDS software. IMHO this opens up a whole can of worms, and will probably start a great discussion, but that's probably good on the whole.
>
> First, the requirements. The IDS system must be:
>
> * Free
> * Run on FreeBSD, and/or maybe Linux.
> * Allow both 'router' detection (where the host acts as a router) and 'passive' (where the host is simply a sniffer on a LAN).
> * Have a reasonable configuration system to allow common false positives to be suppressed.
>
> At this point I know almost nothing about IDS systems, other than that several companies make such products and charge huge fees for them, and that there are a number of open-source products that have no confirmed reputations.
>
> Replies to the list are ok, as are private replies. Assuming I get something good I will summarize private replies to the list.
>
> -- 
> Leo Bicknell - bicknell@ufp.org
> Systems Engineer - Internetworking Engineer - CCIE 3440
> Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
On Fri, Sep 07, 2001 at 10:26:14PM -0400, Leo Bicknell wrote:
> Replies to the list are ok, as are private replies. Assuming I get something good I will summarize private replies to the list.

Well, it looks like options are limited, but good. A total of 18 people pointed me to Snort, www.snort.org, with 2 people suggesting Bro, http://www.aciri.org/vern/bro-info.html. Thanks all.

-- 
Leo Bicknell - bicknell@ufp.org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org