Domain: prelude-ids.org
Stories and comments across the archive that link to prelude-ids.org.
Comments · 11
-
Re:How do you know if you've been rooted?
I'm glad that you mentioned flow-based monitoring. I'm not involved with the project at all, but using http://www.ntop.org/">NTop to monitor NetFlow/SFlow and MRTG/Cricket to monitor traffic crossing switches is a good way to detect illicit file sharing.
It looks like good things are coming from the Prelude project as well, though I haven't used it so if anyone has anything to say about it, I'd love to hear it. -
Articles should relate to existing work...
- Can this system serve as a prelude sensor? How about commercial aggregators?
- How does it compare to other log summarizing tools?
- Do any security monitoring services support it?
-
Re:SizeIf you're doing 500mbit/sec+ of traffic, it requires a somewhat beefy snort box just to process that data let alone do something about anything that looks like an attack.
There's a cheap workaround for it. The trick is to use 2 (or more) Snort boxes for data collection for different IP groups (using BPF filters), and agregate alerts from these boxes on other machine using open source Prelude IDS framework. Alternatively, you can try a hierarchic approach.
Prelude by itself AFAIK does not have any reactive capabilities, but it's so modular that you could add some without too much effort (provided you know C).
-
Re:SizeIf you're doing 500mbit/sec+ of traffic, it requires a somewhat beefy snort box just to process that data let alone do something about anything that looks like an attack.
There's a cheap workaround for it. The trick is to use 2 (or more) Snort boxes for data collection for different IP groups (using BPF filters), and agregate alerts from these boxes on other machine using open source Prelude IDS framework. Alternatively, you can try a hierarchic approach.
Prelude by itself AFAIK does not have any reactive capabilities, but it's so modular that you could add some without too much effort (provided you know C).
-
Re:SizeIf you're doing 500mbit/sec+ of traffic, it requires a somewhat beefy snort box just to process that data let alone do something about anything that looks like an attack.
There's a cheap workaround for it. The trick is to use 2 (or more) Snort boxes for data collection for different IP groups (using BPF filters), and agregate alerts from these boxes on other machine using open source Prelude IDS framework. Alternatively, you can try a hierarchic approach.
Prelude by itself AFAIK does not have any reactive capabilities, but it's so modular that you could add some without too much effort (provided you know C).
-
Re:SizeIf you're doing 500mbit/sec+ of traffic, it requires a somewhat beefy snort box just to process that data let alone do something about anything that looks like an attack.
There's a cheap workaround for it. The trick is to use 2 (or more) Snort boxes for data collection for different IP groups (using BPF filters), and agregate alerts from these boxes on other machine using open source Prelude IDS framework. Alternatively, you can try a hierarchic approach.
Prelude by itself AFAIK does not have any reactive capabilities, but it's so modular that you could add some without too much effort (provided you know C).
-
Re:SizeIf you're doing 500mbit/sec+ of traffic, it requires a somewhat beefy snort box just to process that data let alone do something about anything that looks like an attack.
There's a cheap workaround for it. The trick is to use 2 (or more) Snort boxes for data collection for different IP groups (using BPF filters), and agregate alerts from these boxes on other machine using open source Prelude IDS framework. Alternatively, you can try a hierarchic approach.
Prelude by itself AFAIK does not have any reactive capabilities, but it's so modular that you could add some without too much effort (provided you know C).
-
Re:SIMS
Ahhhh well there is a little thing called Prelude HyIDS. It has been narounnd since 1998 and has been mentioned on here: http://developers.slashdot.org/article.pl?sid=04/
0 4/26/2133207&mode=thread&tid=126&tid=172&tid=1 85
Might be what you are looking for. . . -
Prelude Hybrid IDS
The Prelude Hybrid IDS project is closed too...
-
Re:Integration With Vulnerability Assessment Engin
actually there's much better in terms of performances and, most important, completely _free_ : check Prelude IDS combined with Nessus VA.
man, snort is so much about stealing all the good ideas ;) -
Re:hmmmYa, I think I missed the memo. Are we all supposed to hold Debian up as the One True Linux? I thought Slackware was the distro we were all supposed to mindlessly acknowledge as the most l33t.
Are we also supposed to chant "Mandrake is for newbies, Mandrake is about Ease-of-Use" repeatedly, or has it finally become fashionable to recognize their ties with clueful things like Bastille, Prelude, and other security-related projects?. Sorry, I'm a little behind on my groupthink
;)Linux is what you make of it, any distribution can be installed and configured to promote ease-of-use, security, maximum customization, and fine-grained control.