Pantek Library

Re: Anomaly based network IDS

From: Lance Spitzner <lance(at)honeynet.org>
Date: Thu Mar 27 2003 - 10:48:53 EST


On Wed, 26 Mar 2003, vishal p wrote:

> Hi Lau Ker Chea
> To understand anomaly-based IDS, refer to the

Another good example of anomaly detection is honeypots. These are systems that have no authorized activity. Any connection to (or from) the honeypot is by definition an anomaly (making them very powerful detection solutions). In fact, Christian Kreibich has developed Honeycomb, a plugin for the honeypot Honeyd that not only detects and logs anomalous activity, but in real time generates IDS rules based on the activity (specifically Snort).

  Honeycomb/Honeyd
  http://www.citi.umich.edu/u/provos/honeyd/ch01-results/

lance
http://www.tracking-hackers.com
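
An added example, not part of the original message and not Honeycomb's code: it flags every flow that touches a honeypot address, then derives a Snort rule from bytes shared by inbound payloads. The addresses, payloads, function names and the longest-common-substring step are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from functools import reduce

HONEYPOT_IPS = {"192.0.2.10"}  # constructed; documentation address range

# Constructed flow records: (src_ip, dst_ip, dst_port, payload)
FLOWS = [
    ("198.51.100.7", "192.0.2.10", 80, b"GET /constructed-probe?id=1 HTTP/1.0\r\n"),
    ("10.0.0.5", "10.0.0.20", 80, b"GET /index.html HTTP/1.1\r\n"),
    ("203.0.113.44", "192.0.2.10", 80, b"GET /constructed-probe?id=2 HTTP/1.0\r\n"),
    ("192.0.2.10", "203.0.113.9", 6667, b"NICK constructed\r\n"),
]

def honeypot_alerts(flows, honeypots):
    """No baseline or whitelist: any flow touching a honeypot is an anomaly."""
    return [f for f in flows if f[0] in honeypots or f[1] in honeypots]

def common_substring(a, b):
    """Longest byte string shared by two payloads."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]

def escape_content(data):
    """Encode bytes for a Snort content option; specials and non-printables as |hex|."""
    parts = [chr(c) if 0x20 <= c < 0x7F and chr(c) not in '";\\|' else "|%02X|" % c
             for c in data]
    return "".join(parts).replace("||", " ")

def derive_rules(flows, honeypots, min_len=8, first_sid=1000001):
    """One rule per (honeypot, port) that saw 2+ inbound payloads sharing min_len bytes."""
    groups = {}
    for src, dst, port, payload in honeypot_alerts(flows, honeypots):
        if dst in honeypots:  # signatures come from inbound traffic only
            groups.setdefault((dst, port), []).append(payload)
    rules = []
    for (dst, port), payloads in sorted(groups.items()):
        shared = reduce(common_substring, payloads)
        if len(payloads) >= 2 and len(shared) >= min_len:
            rules.append('alert tcp any any -> %s %d (msg:"Honeypot-derived signature"; '
                         'content:"%s"; sid:%d; rev:1;)'
                         % (dst, port, escape_content(shared), first_sid + len(rules)))
    return rules

if __name__ == "__main__":
    for flow in honeypot_alerts(FLOWS, HONEYPOT_IPS):
        print("ANOMALY", flow[:3])
    print("\n".join(derive_rules(FLOWS, HONEYPOT_IPS)))
```

The outbound flow from the honeypot is still reported as an anomaly, but only inbound payloads feed the generated rule.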



Received on Thu Mar 27 11:21:01 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:10 EDT

