On Thu, 2002-12-05 at 01:49, Dave wrote:
> How does this compare to SNORT and other NIDS?... sounds similar..

It's similar, but that's mainly because it is still young and my focus has been on getting it usable so people can use the existing snort signature base.

Biggest difference to snort currently is probably performance, firestorm is much more efficient, and I also think alert ratelimiting is a useful feature to prevent DoS attacks too, for example, stick/snot can still DoS your sensor if you only feed it icmp and udp signatures which can't be state tracked.

As far as the IDS sensor goes, I want to turn firestorm into something which has full (i.e. not ugly and hacky) protocol decodes and application layer state tracking, something similar to how I understand real-secure works.

My overall motivation is to create infrastructure and tools to manage the IDS data effectively, remote logging, a powerful analyst console, correlation tools etc...

--
// Gianni Tedesco (gianni at ecsc dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
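The alert ratelimiting mentioned in the message above, collapsing a stick/snot-style flood of stateless ICMP/UDP rule matches so the sensor and its logging are not swamped, as an added illustration that is not Firestorm's or Snort's own code. The signature id, addresses and timings are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Alert:
    """One signature match; sid is the rule id, ts the packet time in seconds."""
    sid: int
    src: str
    dst: str
    ts: float


class AlertRateLimiter:
    """Token bucket per signature id: up to `burst` alerts pass at once, then
    `rate` more per second. Dropped alerts are counted per sid, so a flood
    still shows up as one line with a count instead of thousands of alerts."""

    def __init__(self, rate=1.0, burst=5):
        self.rate, self.burst = rate, burst
        self.tokens = defaultdict(lambda: float(burst))
        self.last_ts = {}
        self.suppressed = defaultdict(int)

    def offer(self, alert):
        key = alert.sid
        elapsed = alert.ts - self.last_ts.get(key, alert.ts)
        # refill in proportion to the time since the previous alert for this sid
        self.tokens[key] = min(self.burst, self.tokens[key] + elapsed * self.rate)
        self.last_ts[key] = alert.ts
        if self.tokens[key] >= 1.0:
            self.tokens[key] -= 1.0
            return True           # emit this alert
        self.suppressed[key] += 1
        return False              # drop it, but remember that it happened


def process(alerts, rate=1.0, burst=5):
    """Run alerts through the limiter; return the emitted alerts and a
    per-sid count of what was suppressed."""
    limiter = AlertRateLimiter(rate, burst)
    emitted = [a for a in alerts if limiter.offer(a)]
    return emitted, dict(limiter.suppressed)


def icmp_flood(sid, count, start, interval):
    """Constructed sample: `count` matches of one stateless ICMP/UDP rule in
    quick succession, the shape a stick/snot-style packet generator produces.
    Addresses are documentation ranges, not real hosts."""
    return [Alert(sid, f"192.0.2.{i % 254 + 1}", "198.51.100.10", start + i * interval)
            for i in range(count)]
```

Keying on sid alone means a flood of one signature also hides a genuine hit on that same signature during the window; the suppressed counts are what tell the analyst to look, and keying on (sid, src) or (sid, dst) is the usual refinement.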