Firestorm Network Intrusion Detection System

Gianni Tedesco


John Leach



Table of Contents
1. Introduction
1.1. Installation
1.1.1. How Can I Get Firestorm?
1.2. Architecture
1.2.1. Sensor
1.2.2. Extended Logs
1.2.3. Stormwall
1.2.4. Console
2. Firestorm NIDS Sensor
2.1. Configuration File
2.1.1. firestorm_root
2.1.2. chroot
2.1.3. capture
2.1.4. effective_uid / effective_gid
2.1.5. load_plugins
2.1.6. load_plugin
2.1.7. preprocessor
2.1.8. logfile
2.1.9. output
2.1.10. signatures
2.2. Advanced Configuration
2.2.1. IP De-fragmentation
2.2.2. TCP Stateful Inspection and Stream Reassembly
2.2.3. High Performance Alert Spooling
3. Extension Interface
3.1. Introduction
3.1.1. Plugins
3.1.2. Compatibility
3.1.3. Licensing and Legal Issues
3.1.4. Coding Style
3.1.5. Submitting Patches
3.2. Internal API
3.3. Capture Devices
3.4. Decoders
3.5. Matchers