looking for advice
Results 1 to 6 of 6

Thread: looking for advice

  1. #1
    Member
    Join Date
    Jul 2002
    Posts
    39

    looking for advice

    Hil!
    I'm looking for some hot theme on DIDS to begin my PhD. I have some ideas, but I see all them trivials and I dont know what can I do.
    Thnks!
    groby

  2. #2
    Member
    Join Date
    May 2003
    Posts
    45
    This isn't my area of expertise but this may be of some help.
    http://www.kolacki.com/dids_index.htm

    Just some ideas, I know it was informative for me.

  3. #3
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    rmlj63: I'm not sure groby meant Data Item Descriptions Standard (That mil & gov stuff).

    I think he's looking information about Intrusion Detection System but I have to say that I don't know that "D"IDS stand for.
    NIDS, HIDS but not DIDS????
    [shadow] SHARING KNOWLEDGE[/shadow]

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I think he's referring to Distributive Intrusion Detection Systems. This seems to be related to data-mining IDS techniques (or so I've found thus far)

    http://www1.cs.columbia.edu/ids/
    http://www.dshield.org/
    www.cerias.purdue.edu/homes/zamboni/ docs/talks/tpc40.ppt
    http://citeseer.nj.nec.com/context/647950/0
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Member
    Join Date
    Jul 2002
    Posts
    39
    Hi!
    Thnks 2 all! I'll look this links. And yes, I mean Distributed Intrusion Detection Systems.

    see u!
    groby

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Groby: Frankly, if you are not distributing your Intrusion Detection assets then you are asking for trouble....... I run a combination of NIDS/HIDS that report to two different systems on two different computers that are hardened. My public servers, AD servers and my firewalls also dump their logs to one of those systems. Those logs are moved daily to two other locations on yet two other computers. Then, weekly, those logs are moved to CD and archived.

    Why? Well.... an IDS is only tells you what _did_ happen and, as we all know, if it happened at 2am while we were snoozing then we may find corrupted logs by the time we get in to work. But if you have to search my system, (650 machines), to find out where all the copies are and crack those 2 primary log machines too then there is a good chance that I will still have a good copy when I get in...... Additionally, it is unlikely that you will footprint me, attack me successfully and get rid of all the initial 2 logs in the same 24 hour period, thus the chances are high that I still retain some evidence of your activity from prior days.

    I could be more paranoid..... but I don't see myself as a high profile target or the logs would be moved hourly...... and then moved again......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •