Hello, Considering the "anomaly based" IDS, i'm not sure a tool likes this exists in open source.
Another tool you may check beside of "snort" is "bro" (http://bro-ids.org). Using the bro's language you can script your own policies and then with some tweaks, do and/or check what you want. Best regards. On Sat, May 20, 2006 at 09:37:54AM +0530, Raj Malhotra wrote: > Hi All > > I am trying to set up a test network comprising of heterogeneous > intrusion detectors. The idea is to use the diverse capabilities of > these detectors to arrive at a decision as to whether an intrusion > took place or not. I intend to use a signature based ids (snort in > this case), an anomaly based network ids ( i don't know what to use > here), something which is very efficient in detecting scans (port > scans, OS fingerprint attempts) etc. > > I would be thankful if folks can suggest freeware which can be used > for the above mentioned purpose > > thanks in advance > > ral > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
