Firestorm Network Intrusion Detection System

John Leach

<john@ecsc.co.uk>

Gianni Tedesco

<gianni@scaramanga.co.uk>

Copyright © 2002, 2003 John Leach, Gianni Tedesco

Table of Contents

1. Introduction

1.1. Installation

1.1.1. How Can I Get Firestorm?

1.2. Architecture

1.2.1. Sensor
1.2.2. Extended Logs
1.2.3. Stormwall
1.2.4. Console

2. Firestorm NIDS Sensor

2.1. Configuration File

2.1.1. firestorm_root
2.1.2. chroot
2.1.3. capture
2.1.4. effective_uid / effective_gid
2.1.5. load_plugins
2.1.6. load_plugin
2.1.7. preprocessor
2.1.8. logfile
2.1.9. output
2.1.10. signatures

2.2. Advanced Configuration

2.2.1. IP De-fragmentation
2.2.2. TCP Stateful Inspection and Stream Reassembly
2.2.3. High Performance Alert Spooling

		Next
		Introduction