-
Creating an IDS
A friend and I are thinking of creating a small IDS (university exercise).
We will start with some TCP/IP books, but atm we are searching for some info about IDS. Does anyone know any good references (books) on how to create an IDS? (not configuring Snort)
Your forum is really nice, very useful ;)
thx
[I hope this is the correct forum and not "IDS & Scanner Discussions"]
-
Re: Creating an IDS
Quote:
Originally posted here by JJX
A friend and I are thinking of creating a small IDS (university exercise).
We will start with some TCP/IP books, but atm we are searching for some info about IDS. Does anyone know any good references (books) on how to create an IDS? (not configuring Snort)
Your forum is really nice, very useful ;)
thx
[I hope this is the correct forum and not "IDS & Scanner Discussions"]
You can check out the RFCs for TCP/IP. Then you can download Snort and study the C source code... you might learn a thing or two :D
-
Yep, we will take a glance at Snort, but we are looking for a book with basic IDS stuff..
-
Quote:
Originally posted here by JJX
Yep, we will take a glance at Snort, but we are looking for a book with basic IDS stuff..
Well, I thought you were going to create an IDS. If you want to know basic stuff about IDS, there is a lot on the net.. but if you want to know how an IDS is created, then get Snort and look at its src... :p
-
Would you like the world's fastest and cheapest IDS?
1) Throw a box in your DMZ.
2) Add firewall ACLs that don't allow internal hosts to hit it.
3) Add firewall ACLs that don't allow external hosts to hit it.
4) Now, add *any* program you like that can see port scan activity. There are hundreds that I can think of other than snort that are free. Hell, you can even use a sniffer for this if you're really hard up.
Done.
Now, when Mr. leet haxor breaks into one of your other hosts in the DMZ, what do you think the first thing he will do is if he doesn't have knowledge of your network layout? Yep. Scan for other targets. In doing so he has just announced to you that he has compromised your network, and you get to reel him in. Many a dead haxor hangs on my shelf thanks to this simple yet effective technique.
--TH13
-
We want to implement a simple C++/Java IDS.
C++ will do the packet sniffing, and according to some rules it will detect attempts (real or false).
atm it's just an idea ...
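The two ideas in this thread, the isolated decoy box that nobody legitimate should ever touch, and a sniffer that matches packets against a few rules, fit in one small detector. The following is an added example and not code from any poster or from Snort; it works on a constructed list of packet records instead of a live capture, and the decoy address, thresholds and sample traffic are all assumptions. Rule 1 alerts on any SYN to the decoy host; rule 2 is a sliding-window port-scan heuristic (one source hitting several distinct ports on one host within a short time).

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed address of the isolated decoy box: it has no clients, so any
# connection attempt to it is suspicious by definition.
DECOY_HOST = "10.0.1.50"


@dataclass(frozen=True)
class Packet:
    """Minimal view of a TCP packet as a sniffer would hand it to the rules."""
    ts: float     # seconds since capture start
    src: str
    dst: str
    dport: int
    flags: str    # e.g. "S" for SYN, "SA" for SYN/ACK


# Constructed sample traffic (not a real capture). 10.0.1.20 is a normal
# client; 10.0.1.77 probes the decoy and then sweeps ports on 10.0.1.30.
SAMPLE_PACKETS = [
    Packet(0.0, "10.0.1.20", "10.0.1.30", 80, "S"),
    Packet(0.1, "10.0.1.20", "10.0.1.30", 443, "S"),
    Packet(1.0, "10.0.1.77", "10.0.1.50", 22, "S"),
    Packet(1.1, "10.0.1.77", "10.0.1.50", 80, "S"),
    Packet(1.2, "10.0.1.77", "10.0.1.50", 443, "S"),
    Packet(1.3, "10.0.1.77", "10.0.1.30", 21, "S"),
    Packet(1.4, "10.0.1.77", "10.0.1.30", 22, "S"),
    Packet(1.5, "10.0.1.77", "10.0.1.30", 23, "S"),
    Packet(1.6, "10.0.1.77", "10.0.1.30", 25, "S"),
    Packet(1.7, "10.0.1.77", "10.0.1.30", 80, "S"),
    Packet(1.8, "10.0.1.77", "10.0.1.30", 110, "S"),
    Packet(9.0, "10.0.1.20", "10.0.1.30", 22, "S"),   # outside the scan window
]


def decoy_rule(packets):
    """Rule 1: any SYN towards the decoy host is an alert (no false positives
    are expected because nothing legitimate is allowed to reach it)."""
    alerts = []
    for p in packets:
        if p.dst == DECOY_HOST and "S" in p.flags:
            alerts.append(("decoy_contact", p.src, p.dst, p.dport, p.ts))
    return alerts


def scan_rule(packets, threshold=5, window=2.0):
    """Rule 2: one source touching >= threshold distinct ports on one host
    within `window` seconds. Alerts once per (src, dst) pair."""
    alerts = []
    history = defaultdict(list)   # (src, dst) -> [(ts, dport), ...] inside window
    alerted = set()
    for p in sorted(packets, key=lambda x: x.ts):
        if "S" not in p.flags:
            continue
        key = (p.src, p.dst)
        hist = history[key]
        hist.append((p.ts, p.dport))
        # Expire entries that fell out of the sliding window.
        while hist and hist[0][0] < p.ts - window:
            hist.pop(0)
        ports = {dport for _, dport in hist}
        if len(ports) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append(("port_scan", p.src, p.dst, sorted(ports), p.ts))
    return alerts


def run_rules(packets):
    """Run every rule and return the combined alert list."""
    return decoy_rule(packets) + scan_rule(packets)


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_PACKETS):
        print(alert)
```

On the sample traffic the decoy rule fires three times (the probes to 10.0.1.50) and the scan rule fires once for 10.0.1.77 against 10.0.1.30; the normal client never trips either rule, because its connections to 10.0.1.30 are spread out in time and hit only three ports. Plugging a real sniffer in means replacing SAMPLE_PACKETS with records built from captured headers; the rules themselves do not change.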
-
Check out Python, you might be able to knock something up quickly in that as a working prototype - have a look at this -
http://www.antionline.com/showthrea...threadid=249001
It's a tutorial on how to make a honeypot, but I'm sure you could twist how it works and create a simple IDS??
i2c
Accidentally posted this elsewhere this morning when I was in a rush, not sure how much help it will actually be...
Check this too - http://www.antionline.com/showthread...hreadid=266442
-
Decent tutorial on building a Fedora Core 3 system, installing MySQL, Snort, BASE, et al. to build a solid IDS. His site looks like ****, but the PDF has some good info for the beginner to build an IDS, so it's worth a look.
-
ok, thx for the links
thx all
-
Re: Creating an IDS
Quote:
Originally posted here by JJX
We will start with some TCP/IP books, but atm we are searching for some info about IDS. Does anyone know any good references (books) on how to create an IDS? (not configuring Snort)
I can highly recommend TCP/IP Illustrated, Volume 1 and Network Intrusion Detection, 3rd edition.