
IDS: Introductions


Lister, Justin (justin.listercsfb.com)
Fri, 17 Sep 1999 11:02:56 +0900


FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
---------------------------------------------------------------------------

---
A few more Introductions that were received lately...

____________________________________________________________________________
From: Christian de Waal <christbnd.de>
To: idsuow.edu.au
Subject: introduction
Date: Wed, 8 Sep 1999 22:26:56 +0200
X-Mailer: KMail [version 0.7.9]
Content-Type: text/plain
MIME-Version: 1.0
Message-Id: <99090822543602.02400dulos>
Content-Transfer-Encoding: 8bit

hello everybody out there,

as i was asked to do so by majordomo in his welcome message to this list, i will briefly introduce myself:

my name is christian de waal, my age is 24 years, i am a computer science student at the university of bonn (germany), and the subject of my diploma will probably have something to do with intrusion detection, so i subscribed to find out what the state of the art is and what the current problems are (so that i can try to solve one of them in my diploma work).

i don't dare to say that i have written an ids. what we (another student and i) did do was to "play around", as i would call it: we wrote program modules that measure and collect round trip times and try to detect anomalies statistically (and visualize all this stuff). the problem is that you can only detect very "brutal" attacks and that round trip times reflect the network load as well as the cpu load, so that you can't draw any real conclusions.

anyway, that was a task we fulfilled to get on with our studies, and it is supposed to be the beginning of a project that other people shall work on after us, writing new modules that collect other publicly available data. maybe if you have several data sources you can try to find interesting correlations.

ok, i hope to read some interesting discussions and to contribute one opinion or another. greetings from my home town duesseldorf,

--
// christian de waal ........ -=> http://bnd.de/~christ/ <=-
\\ ............................... -=> icq:38703795 <=- ....
// pgp encrypted mail preferred - public key on my web page!
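The round-trip-time approach Christian describes, as an added example that is not the students' code: a baseline window gives a mean and standard deviation, later samples are scored against it, and only sustained excursions are reported. The sample series, the 3-sigma threshold, the two-sample minimum run and the 1% floor on a flat baseline are all constructed assumptions for this demo. Running it shows the problem he names: a flood and a CPU-bound host produce the same kind of window, and a single-sample blip is not reported at all.

```python
"""Round-trip-time anomaly detection against a fitted baseline (added example,
not the students' modules from the post). Assumes RTTs in milliseconds sampled
at a fixed interval; every sample series below is constructed, not measured."""
import statistics
from typing import List, Sequence, Tuple

# Constructed quiet baseline: an idle host on an unloaded LAN.
BASELINE_RTT = [12.1, 11.8, 12.4, 12.0, 11.9, 12.3, 12.2, 11.7, 12.5, 12.0]

# Constructed series 1: a short burst of much higher RTTs, as a flood would cause.
FLOOD_RTT = BASELINE_RTT + [12.2, 11.9, 48.7, 95.3, 110.2, 104.8, 12.1, 12.0]

# Constructed series 2: a gradual rise and plateau, as a CPU-bound host
# (a nightly batch job, say) would show. No attack is involved.
CPU_LOAD_RTT = BASELINE_RTT + [12.2, 18.5, 27.9, 41.3, 52.0, 55.6, 54.9, 53.8]

# Constructed series 3: one slow probe; a "subtle" event this detector ignores.
BLIP_RTT = BASELINE_RTT + [12.2, 11.9, 40.1, 12.1, 12.0, 12.3]


def fit_baseline(samples: Sequence[float]) -> Tuple[float, float]:
    """Mean and population standard deviation of the training window."""
    mean = statistics.mean(samples)
    stdev = statistics.pstdev(samples)
    if stdev == 0.0:
        # A perfectly flat baseline would make any deviation infinitely
        # significant; use an assumed floor of 1% of the mean instead.
        stdev = max(mean * 0.01, 1e-6)
    return mean, stdev


def anomalous_runs(samples: Sequence[float], mean: float, stdev: float,
                   threshold: float = 3.0, min_run: int = 2) -> List[Tuple[int, int]]:
    """(start, end) index ranges (end exclusive) where at least `min_run`
    consecutive samples lie more than `threshold` standard deviations ABOVE the
    baseline mean. Requiring a run suppresses single-sample noise, which is
    also why only "brutal" excursions are ever reported."""
    flagged = [(x - mean) / stdev > threshold for x in samples]
    runs: List[Tuple[int, int]] = []
    start = None
    for i, hit in enumerate(flagged + [False]):  # sentinel closes a trailing run
        if hit and start is None:
            start = i
        elif not hit and start is not None:
            if i - start >= min_run:
                runs.append((start, i))
            start = None
    return runs


def detect(samples: Sequence[float], training: int = len(BASELINE_RTT)) -> List[Tuple[int, int]]:
    """Fit on the first `training` samples, scan the rest, report absolute indices."""
    mean, stdev = fit_baseline(samples[:training])
    runs = anomalous_runs(samples[training:], mean, stdev)
    return [(s + training, e + training) for s, e in runs]


if __name__ == "__main__":
    for name, series in (("flood", FLOOD_RTT), ("cpu load", CPU_LOAD_RTT), ("blip", BLIP_RTT)):
        # The flood and the CPU-bound host both yield a window; nothing in the
        # RTT series alone says which one is an attack.
        print(f"{name:9s} anomalous windows: {detect(series)}")
```

`detect(FLOOD_RTT)` and `detect(CPU_LOAD_RTT)` both return one window, while `detect(BLIP_RTT)` returns none; a second data source (host CPU, interface counters) is what would separate the first two, which is the correlation idea the post ends on.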

____________________________________________________________________________

From: Robert_Hartnerraiffeisen.it
Received: by mail.raiffeisen.net(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id C12567EE.0039AA43 ; Thu, 16 Sep 1999 12:29:51 +0200
X-Lotus-FromDomain: RAIFF
Sender: Robert_Hartnerraiffeisen.it
To: idsuow.edu.au
Message-ID: <C12567EE.0039A8FE.00mail.raiffeisen.net>
Date: Thu, 16 Sep 1999 12:30:46 +0200
Subject: intro and centralized logging
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi,

Lurking on the list for a fair while, I guess it's time to introduce myself. I am interested in all kinds of network security, because it's part of my job. I work for RVS, a service enterprise in the northern part of Italy where people speak both German and Italian (sorry for my poor English). Intro short enough? ;-)

A few days ago Bill Royds wrote:

> As well, are there any systems to combine the firewall logging with
> IDS logging to generate more complete summaries of an attack? Since a
> firewall may block part of the intruder's attack but not block the part
> that the IDS sees, we need both sets of logs to analyse the nature of
> the attack.

I want to set up a central log server for all kinds of logs, but the principal interest is in combining firewall and IDS logs. Are there any proven tools for centralized logging? What about commercial software? Somebody told me that the newer generation of IDS products can manage this problem much better (NAI's Event Orchestrator, ISS's SAFEsuite Decisions, ...). Does anybody have any experience? Tips on papers on this subject are also greatly appreciated.

Thanks in advance, Robert.

____________________________________________________________________________
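One way to build the combined view Bill Royds asks for and Robert wants from a central log server, as an added example rather than code from any product named in the thread: normalise firewall drops and IDS alerts received on a loghost into one event record, group by source address, and split each source's events into incidents wherever the gap exceeds a window. The two log formats, the ten-minute window and the year 1999 (syslog lines carry none) are assumptions; every log line is constructed.

```python
"""Correlating firewall drops with IDS alerts by source address and time
(added example; not code from NAI, ISS or any other product in the thread).
Log formats, window size and year are assumptions; all lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, NamedTuple, Optional

ASSUMED_YEAR = 1999  # syslog timestamps carry no year; assumed for the demo

# Constructed syslog-style lines as a central loghost might receive them,
# deliberately not in time order (loghosts rarely get them that way).
LOG_LINES = [
    'Sep 16 12:01:03 fw1 fw: DROP src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=23',
    'Sep 16 12:01:09 ids1 ids: ALERT src=203.0.113.7 dst=192.0.2.20 sig="HTTP cgi-bin probe"',
    'Sep 16 12:01:04 fw1 fw: DROP src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=21',
    'Sep 16 12:01:11 ids1 ids: ALERT src=203.0.113.7 dst=192.0.2.20 sig="HTTP long URL"',
    'Sep 16 12:59:02 ids1 ids: ALERT src=203.0.113.7 dst=192.0.2.20 sig="HTTP cgi-bin probe"',
    'Sep 16 12:30:45 fw1 fw: DROP src=198.51.100.9 dst=192.0.2.10 proto=udp dport=161',
    'Sep 16 12:31:00 loghost sshd: unrelated message that neither parser claims',
]


class Event(NamedTuple):
    ts: datetime
    sensor: str   # "fw" or "ids": which log the event came from
    src: str
    dst: str
    detail: str   # what that sensor saw (action and port, or signature name)


SYSLOG_TS = r'(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})'
FW_RE = re.compile(SYSLOG_TS + r' \S+ fw: (?P<action>DROP|ACCEPT) src=(?P<src>\S+) '
                   r'dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$')
IDS_RE = re.compile(SYSLOG_TS + r' \S+ ids: ALERT src=(?P<src>\S+) dst=(?P<dst>\S+) '
                    r'sig="(?P<sig>[^"]*)"$')


def parse_ts(text: str) -> datetime:
    """Syslog 'Mon dd HH:MM:SS' plus the assumed year; collapses padding spaces."""
    return datetime.strptime(f"{ASSUMED_YEAR} {' '.join(text.split())}", "%Y %b %d %H:%M:%S")


def parse_line(line: str) -> Optional[Event]:
    """Normalise either log format into an Event; None for unrelated lines."""
    m = FW_RE.match(line)
    if m:
        return Event(parse_ts(m['ts']), 'fw', m['src'], m['dst'],
                     f"{m['action']} {m['proto']}/{m['dport']}")
    m = IDS_RE.match(line)
    if m:
        return Event(parse_ts(m['ts']), 'ids', m['src'], m['dst'], m['sig'])
    return None


def correlate(lines: Iterable[str],
              window: timedelta = timedelta(minutes=10)) -> Dict[str, List[List[Event]]]:
    """Group events by source, sort by time, and cut into incidents at gaps > window."""
    by_src: Dict[str, List[Event]] = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_src[ev.src].append(ev)
    incidents: Dict[str, List[List[Event]]] = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        groups = [[evs[0]]]
        for ev in evs[1:]:
            if ev.ts - groups[-1][-1].ts > window:
                groups.append([ev])
            else:
                groups[-1].append(ev)
        incidents[src] = groups
    return incidents


def summarize(incident: List[Event]) -> dict:
    """One attacker's incident as both sensors saw it: what the firewall
    blocked and what got through far enough for the IDS to alert on."""
    return {
        'src': incident[0].src,
        'start': incident[0].ts,
        'end': incident[-1].ts,
        'blocked': sum(1 for e in incident if e.sensor == 'fw' and e.detail.startswith('DROP')),
        'alerted': sum(1 for e in incident if e.sensor == 'ids'),
        'timeline': [(e.ts.strftime('%H:%M:%S'), e.sensor, e.dst, e.detail) for e in incident],
    }


if __name__ == "__main__":
    for src, groups in correlate(LOG_LINES).items():
        for inc in groups:
            s = summarize(inc)
            print(f"{src}: {s['blocked']} blocked, {s['alerted']} alerted, "
                  f"{s['start']:%H:%M:%S}-{s['end']:%H:%M:%S}")
            for row in s['timeline']:
                print("   ", *row)
```

For 203.0.113.7 the first incident shows two telnet/ftp probes the firewall dropped followed by two web requests it allowed and the IDS flagged; neither log on its own tells that story. The window size is a policy choice: too short splits a slow scan into many incidents, too long merges unrelated sources of noise from the same address.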



This archive was generated by hypermail 2.0b3 on Fri Sep 17 1999 - 14:34:21 CDT