Subject: RE: IDS: RE: Ramping up for another review
From: Dan Schnackenberg (dan baker.ds.boeing.com)
Date: Fri Jul 28 2000 - 12:51:21 CDT
- Next message: Joseph Dunn: "IDS: Hello, my name is..."
- Previous message: Vinícius da Silveira Serafim: "IDS: How about digital signed binaries?"
- Maybe in reply to: Klaus, Chris (ISSAtlanta): "IDS: RE: Ramping up for another review"
- Next in thread: Mark Teicher: "IDS: Battlefield IDS - going beyond the Final Frontier"
- Next in thread: Jackie Chan: "Re: IDS: Ramping up for another review"
- Maybe reply: Dan Schnackenberg: "RE: IDS: RE: Ramping up for another review"
- Reply: Mark Teicher: "IDS: Battlefield IDS - going beyond the Final Frontier"
Klaus, Chris wrote:
>There are at least 2 IDS standards groups: IETF has IDWG (intrusion
>detection working group) that is starting to lay the groundwork for IDS in
>the industry and CIDF (common intrusion detection framework). I do not
>believe either of them have tackled a standard for common IDS response
>protocol.
CIDF actually does have some response capabilities in the language.
Responses are requested through the "Do" verb. So one can say things
like "Do Block" or "Do Trace", followed by a specification of what
to block or trace. One could easily envision adding more terms for
more exotic requested actions (e.g., "Do Make Coffee" or "Do Order Mega War
Heads";). We have been using CIDF as our response language on our DARPA
research project, and it works reasonably well.
Dan
-- Dan Schnackenberg Boeing Phantom Works danbaker.ds.boeing.com (253)773-8231