Results 1 to 8 of 8

Thread: what do IDS's do ?

  1. #1
    Senior Member
    Join Date
    Jan 2004
    Posts
    199

    what do IDS's do ?

    Anyone know what IDS's really do ?

    I'd be really greatful for any information about how they work and why they are are important (if they are). Any advise for good window's IDS's would be cool too !

    Thanks in advance
    Katez
    -

  2. #2
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    This link should tell you all you need to know
    http://www.robertgraham.com/pubs/net...detection.html

  3. #3
    Senior Member
    Join Date
    Jan 2004
    Posts
    199
    Thanks dude
    -

  4. #4
    Senior Member
    Join Date
    Jun 2002
    Posts
    311
    Theres a tutorial by qod about intrusion detection systems -

    http://www.antionline.com/showthread...hreadid=252880

    A IDS system pretty much, looks at all the packets going into your computer. If the IDS thinks that theres something suspicious about a packet, it makes a log and gives you a alert. You give this log to your ISP (or their ISP) and let them decide.

    People use this with a firewall because if someone manages to get into your computer, they can delete your firewall logs and whatever evidence there is on your computer. The IDS' existence is usually hard to notice, so the logs cant be found. Some IDS email you the log.

  5. #5
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    Not a problem hope it answers all your questions you may have about it.

  6. #6
    Senior Member Boogymantroy's Avatar
    Join Date
    Jan 2004
    Location
    Memphis Tn
    Posts
    100
    OMG that was a great link, I dont mind doing research but it can be a relief to find more than one answer on the same page. Thanks a lot

    Boogyman

  7. #7
    Senior Member
    Join Date
    Sep 2003
    Posts
    126
    nice link I had been thinking about running an ids becuse I recently set up a wireless network in my house I think I will have to move it up on my list of things to do.
    can you recomend any good IDS programs that you have experience with?
    [Shadow] have you ever noticed work is like a tree full of monkeys you look down and all you see is monkeys below you then you look up and all you see is a bunch of *******s above[/shadow]

  8. #8
    Senior Member
    Join Date
    May 2003
    Posts
    159
    Although not a expert at IDS.. let me share some info I know abt IDS....

    What does IDS do?
    IDS works like a closed circuit camera.. It os capable of monitoring the traffic that passes through its lens..... IDS aim to detect computer attacks , computer misuse and to alert the proper individuals upon detection through mails, alerts, sms etc.

    The placement of IDS is very critical ...... Some people prefer installing it after the firewall.... personally I believe in this.. while others advocate installing of IDS before the firewall......

    Network Based IDS ...... Monitors the data that passes over the network.. basically it monitors all the traffic entering the network or generating from the network (assumption is that IDS is properly placed to monitor the above activities)...

    Host based IDS similiarly monitor activities on a specific host.....

    Problems with any type of IDS implementation is False Positives......... where legitimate network traffic are marked as intrusions...

    Two commonly used techniques to detect intrusions are Signature based and anomaly based ....

    While signature would compare the packet with current intrusion signatures.. anomaly aims at identifying normal usage patterns... anything which deviates from normal usage pattern is termed as intrusion....

    It has been discussed many times on this board bvut for convinience of users...... some of the IDS for home users are

    snort
    blackice

    Commercial IDS

    Real Secure
    NFR etc...
    ****** Any man who knows all the answers most likely misunderstood the questions *****

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •