We all know Snort, or have at least heard of it. One guy in ILUGC runs his life on Snort alarms coming from his bank network.

Intrusion detection is all about alerting, or getting alerted, or logging packets. Usually attacks come from the Internet, and they target vulnerabilities or easy passwords, or just attempt a denial of service or port scans. It is not so easy to spot attacks, but with intrusion detection software it is possible with some effort.

Snort is the industry standard and it is open source, but it is a signature-based system, and some of the signatures are not free. Bro is another piece of software that does the same thing, but in a completely different way. Bro is more of an anomaly detector as opposed to a packet signature matcher. It therefore looks for events, and Bro comes pre-built with thousands of scripts in its own programming language, which I am trying to learn but which is somewhat hard. Bro can also understand NetFlow, and it has several pluggable modules. Bro can be made to log packet decodes as well as execute functions, thereby making it intrusion prevention software as well.

I am now doing a project involving Bro, and though I lack practical knowledge of using it, I am sure a lot of you do not know beyond Snort and IDS. So I thought I could introduce Bro. I am sure it is better than Snort in a lot of ways. It is highly customizable and is also quite old, being a research project from the USA. Snort is from Israel. Anyway, since I will get paid only after I do my project using Bro, I will surely have to learn it. Bro is a highly configurable intrusion detection tool that can be used not just for this purpose but also for several other things with its scripts.

-Girish
--
Gayatri Hitech
http://gayatri-hitech.com
_______________________________________________
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
ILUGC Mailing List Guidelines: http://ilugc.in/mailinglist-guidelines
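The post above describes Bro as event-driven rather than signature-driven: a script subscribes to events the core raises (one per new connection, per DNS request, and so on) and decides what to do. The script below is an added example, written for this page and not taken from the original post or from Bro's own script library. It implements the port-scan case the post mentions: it counts distinct destination ports each source touches on each destination host and raises a notice once a threshold is crossed. The module name `ScanDemo`, the notice type `Port_Scan`, the threshold of 20 ports and the 5-minute expiry window are all assumed values chosen for the example; the `new_connection` event, the `NOTICE` call and the `&create_expire` attribute are standard Bro script features.

```bro
##! Added example (not from the original post): a small port-scan heuristic
##! built on Bro's event model. Assumed names: module ScanDemo, notice type
##! Port_Scan, port_threshold = 20, window = 5 min.

@load base/frameworks/notice

module ScanDemo;

export {
    redef enum Notice::Type += {
        ## Raised when one source touches port_threshold distinct ports
        ## on a single destination host within the expiry window.
        Port_Scan
    };

    ## Distinct destination ports a source may touch before a notice fires
    ## (assumed value for this example).
    const port_threshold = 20 &redef;

    ## How long per-(source, destination) state lives without new activity
    ## (assumed value for this example).
    const window = 5 min &redef;
}

## Per (source, destination) set of distinct destination ports observed.
## Entries expire automatically when nothing refreshes them for `window`.
global seen_ports: table[addr, addr] of set[port] &create_expire=window;

## Bro raises new_connection once per connection attempt, including SYNs that
## are rejected or never answered; that is what makes a scan visible here,
## since a scanner rarely completes a handshake on most ports.
event new_connection(c: connection)
{
    local orig = c$id$orig_h;   # scanning host
    local resp = c$id$resp_h;   # scanned host
    local p    = c$id$resp_p;   # destination port being probed

    if ( [orig, resp] !in seen_ports )
        seen_ports[orig, resp] = set();

    add seen_ports[orig, resp][p];

    # Fire exactly once when the threshold is reached; the identifier plus
    # suppress_for keeps the Notice framework from repeating it for an hour.
    if ( |seen_ports[orig, resp]| == port_threshold )
        {
        NOTICE([$note=Port_Scan,
                $msg=fmt("%s touched %d distinct ports on %s",
                         orig, port_threshold, resp),
                $src=orig,
                $identifier=cat(orig, resp),
                $suppress_for=1 hr]);
        }
}
```

Run it against a capture with `bro -r trace.pcap scan_demo.bro` or live with `bro -i eth0 scan_demo.bro`; the notice lands in `notice.log`. Because the result is a Notice rather than a printed line, the Notice framework's policy can then decide what happens next, which is where the "execute functions" side the post refers to comes in: the same notice can be emailed or handed to an external script without touching the detection logic.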
