Re: Intro (was: Re: IDS: please try give appropriate subject names)

Paul Stevens (paul@nfg.nl)
22 Mar 1999 22:26:33 +0100

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems.. Then email questions to ids-owner@uow.edu.au
NOTE: You MUST remove this line from reply messages as it will be filtered.
SPAM: DO NOT send unsolicted mail to this list.
USUB: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------


> I suggest you look at the following for traffic-analysis systems:
> 
> Onion Routing (http://www.onion-router.net/ -- okay, so this is a
> shameless plug for my research :-).  This system is free and the code
> is about to be released Open-Source.  We support Linux as one of our
> primary development platforms.

If I understand your website correctly the Onion project is about
defeating traffic-analysis. I, on the other hand, wish to expand my
traffic-analysis capabilities.

I've been building my own experimental code, using pcap (tcpdump) and
Python for my initial data pipe and MySQL for offline storage and
analysis.

Real-time processing power is not really an issue at this point. My
first application area will be optimizing my client's NT-based WAN,
which connects about 60 LANs to their corporate headquarters over 56k
ISDN lines.

After installing a Linux fileserver/router the CIO was somewhat amazed
to see how easily I could track down and pinpoint a number of sources of
extraneous traffic, which were causing massive cost overruns on their
telco budgets by triggering loads of long-distance calls on their
ISDN stack.

Intrusion detection will however become a prime concern once they
connect this WAN to the Internet via a T1 sometime next summer. They
don't realize this yet, but I do, all the more so ;-)



-- 
  ________________________________________________________________
  Paul Stevens                                  mailto:paul@nfg.nl
  NET FACILITIES GROUP                     PGP: finger paul@nfg.nl
  The Netherlands________________________________http://www.nfg.nl
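The kind of pcap-to-Python accounting the post describes, as an added example that is not Paul Stevens' own code and omits his MySQL stage: it parses a classic pcap file, discards LAN-internal packets, and charges every WAN-bound packet to its source host, both by bytes and by the number of dial-on-demand calls it triggered. The capture, the branch subnet 192.168.5.0/24, the HQ address 10.0.0.10 and the 300-second idle timeout are all constructed assumptions. The point it makes that byte counts alone hide: a host sending tiny periodic datagrams can place most of the calls while moving almost no data.

```python
"""Per-host accounting of WAN-bound traffic on a dial-on-demand ISDN link.

Added example (not from the original post). The capture is synthetic and
built in memory; LOCAL_NET and IDLE_TIMEOUT are assumed values.
"""
import ipaddress
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4          # little-endian classic pcap, microsecond stamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
LOCAL_NET = ipaddress.ip_network("192.168.5.0/24")  # assumed branch LAN
IDLE_TIMEOUT = 300.0             # assumed: router drops the call after 5 idle min


def parse_pcap(data):
    """Yield (timestamp, frame) for every record of a classic pcap byte string."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    offset = 24
    while offset + 16 <= len(data):
        sec, usec, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield sec + usec / 1e6, data[offset:offset + incl_len]
        offset += incl_len


def parse_ipv4(frame):
    """Return (src, dst, proto, ip_total_len) for IPv4-over-Ethernet, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    total_len = struct.unpack("!H", frame[16:18])[0]
    return (ipaddress.IPv4Address(frame[26:30]),
            ipaddress.IPv4Address(frame[30:34]),
            frame[23], total_len)


def account(pcap_bytes, local_net=LOCAL_NET, idle_timeout=IDLE_TIMEOUT):
    """Bytes sent across the WAN per source host, and dial-ups each host triggered.

    A packet leaving the local subnet after the link has sat idle longer than
    idle_timeout is charged as one new call to its source host.
    """
    bytes_by_src = defaultdict(int)
    calls_by_src = defaultdict(int)
    last_wan_activity = None
    for ts, frame in parse_pcap(pcap_bytes):
        hdr = parse_ipv4(frame)
        if hdr is None:
            continue
        src, dst, _proto, total_len = hdr
        if dst in local_net:
            continue  # LAN-internal; never touches the ISDN link
        bytes_by_src[str(src)] += total_len
        if last_wan_activity is None or ts - last_wan_activity > idle_timeout:
            calls_by_src[str(src)] += 1
        last_wan_activity = ts
    return dict(bytes_by_src), dict(calls_by_src)


# --- constructed sample capture (synthetic, for offline runs) --------------

def build_frame(src, dst, proto, payload_len):
    """Ethernet + minimal IPv4 header + zero payload (checksum left 0; not checked)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + b"\x00" * payload_len


def build_pcap(records):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in records:
        sec = int(ts)
        out += struct.pack("<IIII", sec, int((ts - sec) * 1e6), len(frame), len(frame)) + frame
    return out


def sample_capture():
    HQ, FS, BOX = "10.0.0.10", "192.168.5.20", "192.168.5.77"  # assumed hosts
    return build_pcap([
        (0.0,    build_frame(FS, HQ, 6, 500)),             # file transfer brings link up
        (5.0,    build_frame(FS, HQ, 6, 1000)),
        (10.0,   build_frame(FS, "192.168.5.1", 17, 100)),  # LAN-only, ignored
        (400.0,  build_frame(BOX, HQ, 17, 40)),            # tiny datagram, link was idle
        (800.0,  build_frame(BOX, HQ, 17, 40)),
        (1200.0, build_frame(BOX, HQ, 17, 40)),
        (1210.0, build_frame(FS, HQ, 6, 2000)),            # rides on the call BOX placed
    ])


def analyze_sample():
    return account(sample_capture())


if __name__ == "__main__":
    by_bytes, by_calls = analyze_sample()
    for host in sorted(by_calls, key=by_calls.get, reverse=True):
        print(f"{host:16} {by_bytes[host]:8} bytes  {by_calls[host]:3} calls triggered")
```

Run it on a real capture by feeding `account()` the bytes of a tcpdump file taken on the router's LAN interface and setting `LOCAL_NET` and `IDLE_TIMEOUT` to match the site; hosts ranked by calls triggered rather than by bytes are the ones running up the telco bill.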