Re: New Azwalaro project, is a French Open Source Nids project
From: rmkml (rmkml free.fr)
Date: Tue Sep 12 2006 - 13:54:23 CDT
Hi Stefano,
thanks for your comment on this new nids project!
see below
>> This project is under development (pre alpha version) because I did not find
>> another open source nids product that is easy to extend,
>
> Well, this is a pity, because working on Snort or Bro or Prelude would
> have benefited the community a lot more than starting YARBIDS (Yet
> Another Rule Based IDS)...
I use snort, bro, prelude (down) and firestorm daily and all have
advantages/inconveniences (and bro is not only yarbids)
>> and work with very good ethereal/wireshark dissector library !
>
> Hint: I may be wrong, but that library is painfully slow for real-time
> IDS purposes on real world networks.
>
> Maybe Martin Roesch or another Snort/Sourcefire guy can correct me on
> this...
yes, the ethereal/wireshark dissector is not very fast (compared to snort),
but this feature is one point of this project (look at the home page; sorry,
French speaking actually),
but ethereal/wireshark has very good reassembly/frag/dissectors for many,
many, many protocols!
>> - fix uri content
>
> What do you mean ? If it's the example on your page, I'm sorry to say
> that contextual rules for protocols are already in Snort and in almost
> any good commercial product...
look at the /azwalaro/parser.html page and the pcap example ...
>> - work with ssl session
>
> You cannot, unless you disclose private keys to your IDS box. That's Not
> Recommended (TM), but there's a lot of ways to do that
another nids project rejected ssl sessions; Azwalaro goes ...
>> - search on mime attachement
>
> Any IDS worth its cost can do that.
oops, open source projects do NOT extract mime attachments and search in them ...
it is a very hard but interesting feature of the Azwalaro project
>> - reduce false alert
>
> That's the holy grail, you're welcome to join us in its search :)
look at the parser.html page ...
Happy to detect with an Open Source Project!
Rmkml
Azwalaro
Crusoe-Researches.com