Focus on IDS Mode:
Host Based IDS 2008-10-20
Security Group (secgro gmail com) (2 replies)
Hello,

I am currently evaluating several host-based Intrusion Detection
Systems to monitor servers in a DMZ. My company only wants to monitor
for suspicious behaviour on critical servers, without the need for a
company-wide security system. I am not interested in a network-based
ids because this is

Re: Host Based IDS 2008-10-20
Erik Harrison (eharrison gmail com)
Re: Host Based IDS 2008-10-20
Stefano Zanero (s zanero securenetwork it)
Re: Looking for a thesis topic in the area of IDS 2008-10-05
zubair shafiq yahoo com (1 replies)
Botnet detection is a very hot topic. But it is very difficult to get hold of any network traces for experimentation.

Recently Gu has done the first thesis on Botnet at Georgia Tech.

Re: Looking for a thesis topic in the area of IDS 2008-10-06
"Zow" Terry Brugger (zow acm org)
Looking for a thesis topic in the area of IDS 2008-10-03
saintarmin hotmail com
Hi !!!

I am looking for a thesis topic in the area of IDS. Any ideas, any help would be greatly appreciated.

thanks so much

Picviz 0.3 released 2008-09-20
Sebastien Tricaud (stricaud inl fr)
Picviz 'good coffee' 0.3 is *out*.
...to have a good coffee, we must filter it!

What is Picviz ?
================

Picviz is a parallel coordinates plotter, written to help people
find a needle in a haystack when dealing with numerous events
on their system and struggling to maintain an acceptab

Re: OSSEC HIDS v1.6 released 2008-09-05
contact fingers gmail com
Hey,

I was just curious. OSSEC is doing an awesome job. Isn't it bought by Third Brigade? How does open source work when someone bought a project? Was just wondering how it works out.

Anu

[Tool] Distack framework for attack detection and traffic analysis 2008-09-03
Christoph Mayer (mayer tm uka de)
Hi,

I am pleased to announce the Open Source release of "Distack"

*** http://www.tm.uka.de/distack ***

Distack is a framework for local and distributed attack detection and
traffic analysis. It can run on live interfaces or trace files, as well
as in simulation environments. Therefore it p

OSSEC HIDS v1.6 released 2008-09-02
dcid ossec net
The OSSEC team is pleased to announce the general availability of OSSEC version 1.6.

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring,
rootkit detection, real-time alerting and active response. It runs on most o

[Suspected Spam]Security Assessment of the Internet Protocol 2008-08-25
Fernando Gont (fernando gont com ar)
Hello, folks,

The United Kingdom's Centre for the Protection of National Infrastructure
has just released the document "Security Assessment of the Internet
Protocol", on which I have had the pleasure to work during the last year or
so.

The motivatio

RE: Talisker Site Returns - Rate/Review IDS Now 2008-08-18
Andy Cuff (Talisker) (SecurityLists securitywizardry com) (1 replies)
Hi Mohamed,
Reviewing the products is currently available and the more popular products
appear higher in the listings. The problem is finding people willing to
share their feelings on the various products, or add new listings.

I've even resorted to bribing them with a free T-Shirt for the best rev

RE: Talisker Site Returns - Rate/Review IDS Now 2008-08-18
Mohamed Farid (m farid shawara gmail com)
Talisker Site Returns - Rate/Review IDS Now 2008-08-11
Andy Cuff (Talisker) (SecurityLists securitywizardry com) (1 replies)

Morning, (We are not a vendor, We do not resell products

Thanks to Michele Jordan for doing all the hard work!

Our vendor neutral site has been providing salient detail on every single
Information Security product (good, bad or ugly) since 1999. The effort in
updating the content is both time c

RE: Talisker Site Returns - Rate/Review IDS Now 2008-08-17
Mohamed Farid (m farid shawara gmail com)
OSSEC vs Samhain HIDS discussion 2008-08-10
Mattieu Puel (vodmat news gmail com)
Hi all,
I am looking for a HIDS for mass deployment on Unix systems (~= 1200
Linux/Solaris/AIX). I need a centralized system (in order to simplify
administration), excluding tripwire/aide/integrit and the like.

At that point of my research, I have the feeling that OSSEC or Samhain
would be

ArpON detects and blocks Arp Poisoning/Spoofing attacks 2008-08-02
Andrea Di Pasquale (spikey it gmail com)
Hi,
My name is Andrea Di Pasquale and I study at Secondary High School
"S. Quasimodo" in Catania, Italy.

Some time ago I released a research project related to the security of the
address resolution protocol Arp, the project name being Arpon (Arp handler
inspection).

Arpon makes the protocol

ICSA Labs releasing white papers 2008-07-24
Walsh, John (Jack) (jwalsh icsalabs com)
Focus-IDS Readers:

The network IPS team at ICSA Labs announced recently on our RSS feed
(http://feeds.feedburner.com/icsalabsnetworkips) that we'd be publishing
a couple new white papers in successive weeks. The first paper posted
earlier today introduces readers to the distinguishing features of

NSS Labs Conducting 10 Gbps IPS Group Test 2008-07-18
rmoy nsslabs com


IPS users, we at NSS Labs are conducting a 10Gbps IPS group test. True 10Gbps appliances and stacked & switched solutions are being evaluated.

The IPS test criteria are posted here:

http://nsslabs.com/certification-criteria/ips

We are interested in your requirements and experiences as users

Re: Re: Remote File include (RFI) vulnerabilities 2008-07-17
aditya mukadam gmail com

It all depends on the company's policies and procedures on which traffic to monitor. Ideally, we should be monitoring incoming & outgoing traffic. This is not only true for RFI but for other signatures/exploits etc. as well. T

Thanks,
Aditya Govind Mukadam

-------------------------------------------

DNS Cache Poisoning attack 2008-07-17
Ravi Chunduru (ravi is chunduru gmail com) (2 replies)
Does anybody have snort or Intrupro-IPS signature(s) to detect DNS
Cache Poisoning attack?
Also, is there any PoC to simulate the attack and test the
effectiveness of signature(s)?

thanks
Ravi

Re: DNS Cache Poisoning attack 2008-07-18
Mario A. Spinthiras (mario blupenguin com)
Re: DNS Cache Poisoning attack 2008-07-17
Joel Esler (joel esler mac com) (1 replies)
Re: DNS Cache Poisoning attack 2008-07-18
Michael Rash (mbr cipherdyne org) (1 replies)
Re: DNS Cache Poisoning attack 2008-07-21
Secure Scorp (securescorp gmail com)
Remote File include (RFI) vulnerabilities 2008-07-16
Ravi Chunduru (ravi is chunduru gmail com) (1 replies)
Hi,

I am using IntruPro-IPS to protect both servers and clients. It seems
to be flagging RFI related anomalies for traffic going from internal
clients to servers on the Internet. I thought these attacks need to be
detected only if the internal servers are being attacked. That is, I
think that RFI d

Re: Remote File include (RFI) vulnerabilities 2008-07-17
Jamie Riden (jamie riden gmail com)
Copyright 2010, SecurityFocus