Hello, I need some tools to monitor an ip network for intrusion detection. Can someone help me with this ? I tried before some public domain tools like argus but i need to know is someone has successfully constrcuted a good & complete intrusion detection solution (i.e monitoring, logging, real-time alarms, proactive monitoring, ..) I'm also interested in the developement of such a solutions, and i may coordinate the distributed developement effort with coordination with academic projects focusing the same goal. Best regards Hamdi
Hamdi,
I need some tools to monitor an ip network for intrusion detection. Can someone help me with this ? I tried before some public domain tools like argus but i need to know is someone has successfully constrcuted a good & complete intrusion detection solution (i.e monitoring, logging, real-time alarms, proactive monitoring, ..)
Dan Esbensen and the folks at TTI have built what I consider to be a very good intrusion detection system. It is capable of monitoring and logging sessions, real-time and delayed playback of sessions, alarms with various associated actions, etc. You can filter for specific textual patterns in a flow or filter based on IP address or TCP port. They've put the documentation online at http://www.ttinet.com/doc/insa_v15_contents.html The sell it as a bundled system. It runs under VMS on an Alpha which they size based on the number of concurrent sessions you wish to monitor (I'm not a fan of VMS, but the system is turn-key so you don't have to mess with VMS unless you want to mung the log files generated by the system). regards, mb -- Mark Boolootian UC Santa Cruz
participants (2)
-
Hamdi TOUNSI
-
Mark Boolootian