IDS: freeware IDS

Marcus J. Ranum (mjr@nfr.net)
Wed, 04 Mar 1998 23:06:00 -0500

----------------------------------------------------------------------------
>I get the sense that freeware is now lagging the commercial market, in terms 
>of available features.  

Freeware tends to lag; there's less incentive for the authors to keep
things up to date and they often have "real jobs" and other hassles.

For IDS, you might want to take a look at NFR. It's freely available
in source code form, from www.nfr.net. There's a white paper on what
it does and how it works on:
http://www.nfr.net/forum/publications/LISA-97.htm
The NFR by itself isn't an IDS -- it's kind of the ultimate bottom
half of an IDS, with a strong forensic capability and historical
statistics built in. I think it rocks, but I'm biased. :)
NFR can easily be used for simple ID, by programming it to look
for certain types of events/changes in the network, new networks,
protocols, etc.

Full source and docs are on the website for free non-commercial
and research use. Enjoy!

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr