I recently attended the FIRST conference in Boston where Spafford
announced the availability of a new security FTP archive at Purdue.
I've attached a copy of the announcement at the end of this note.
It was sent to various security mailing lists [ids was not included].

Check out the directory:

    ftp://coast.cs.purdue.edu:/pub/doc/intrusion_detection

Here's a few other pointers:

For information on NIDES (SRI's Next-Generation Intrusion Detection
System):

    ftp://ftp.csl.sri.com:/pub/nides

SAIC has a WWW server:

    http://mls.saic.com
    Go to Security/Other Security Docs/Misc Docs

SAIC also has an IDS called CMDS which Paul Proctor presented at the
FIRST conference. Look under product descriptions on their WWW server.

I'm looking for information on NID from CIAC. I know it's only
available for U.S. DOE sites, but does anyone have any papers
published on it?

--
| Todd Gamble                    Phone: +1-918-588-4222           |
| WilTel, IT Development         FAX:   +1-918-561-6333           |
| One Williams Center, MD/29-2   Email: todd_gamble@wiltel.com    |
| Tulsa, OK 74172, USA                                            |

[ attached COAST archive announcement ]

Gene Spafford writes:
> From bugtraq-owner@fc.net Thu Aug 4 02:24:45 1994
> Message-Id: <199408032319.SAA01195@uther.cs.purdue.edu>
> To: sage-security@usenix.org, first-info@first.org, firewalls@greatcircle.com,
>     bugtraq@crimelab.com
> Subject: COAST FTP archive on-line
> Cc: coast@cs.purdue.edu, security-archive@cs.purdue.edu
> Reply-To: spaf@cs.purdue.edu
> Organization: COAST, Department of Computer Sciences, Purdue Univ.
> Date: Wed, 03 Aug 1994 18:18:43 -0500
> From: spaf@cs.purdue.edu (Gene Spafford)
> Sender: bugtraq-owner@crimelab.com
> Precedence: bulk
>
> Announcing the COAST Security FTP Archive!
>
> The COAST group at Purdue are happy to (finally) announce the
> availability of our security archive. The archive is currently
> available via FTP, with extensions to gopher and WWW planned soon.
>
> The archive currently contains software, standards, tools, and other
> material in the following areas:
>
> * access control
> * artificial life
> * authentication
> * criminal investigation
> * cryptography
> * e-mail privacy enhancement
> * firewalls
> * formal methods
> * general guidelines
> * genetic algorithms
> * incident response
> * institutional policies
> * intrusion detection
> * law & ethics
> * malware (viruses, worms, etc)
> * network security
> * password systems
> * policies
> * privacy
> * risk assessment
> * security related equipment
> * security tools
> * social impacts
> * software forensics
> * software maintenance
> * standards
> * technical tips
> * the computer underground
>
> The collection also contains a large set of site "mirrors" of
> interesting collections, many of which are linked by topic to the rest
> of the archive.
>
> You can connect to the archive using standard ftp to
> "coast.cs.purdue.edu". Information about the archive structure and
> contents is present in "/pub/aux"; we encourage users to look there,
> and to read the README* files located in the various directories.
>
> If you know of material you think should be added, please send mail to
> security-archive@cs.purdue.edu and tell us what you have and where we
> can get a copy. In order of preference, we would prefer to get:
>    -- a pointer to the source ftp site for a package
>    -- a pointer to a mirror ftp site for the package
>    -- a uuencoded tar file
>    -- a shar file
>    -- a diskette or QIC tape
>
> If you are providing software, we encourage you to "sign" the software
> with PGP to produce a standalone signature file. This will help to
> ensure against trojaned versions of the software finding their way
> into the archive.
>
> Any comments or suggestions about the archive should be directed to
> "security-archive@cs.purdue.edu" -- please let us know what you think!