Firestorm Network Intrusion Detection System
John Leach <john@ecsc.co.uk>
Gianni Tedesco <gianni@scaramanga.co.uk>
Copyright © 2002, 2003 John Leach, Gianni Tedesco
Table of Contents
1. Introduction
    1.1. Installation
        1.1.1. How Can I Get Firestorm?
    1.2. Architecture
        1.2.1. Sensor
        1.2.2. Extended Logs
        1.2.3. Stormwall
        1.2.4. Console
2. Firestorm NIDS Sensor
    2.1. Configuration File
        2.1.1. firestorm_root
        2.1.2. chroot
        2.1.3. capture
        2.1.4. effective_uid / effective_gid
        2.1.5. load_plugins
        2.1.6. load_plugin
        2.1.7. preprocessor
        2.1.8. logfile
        2.1.9. output
        2.1.10. signatures
    2.2. Advanced Configuration
        2.2.1. IP De-fragmentation
        2.2.2. TCP Stateful Inspection and Stream Reassembly
        2.2.3. High Performance Alert Spooling