Hi Riccardo,
If you're looking for an open source IDS then you probably want SNORT. Ntop can be an extremely useful security tool, but it'd take quite a lot of work to turn it into an IDS.
Chris
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Riccardo Rosso
Sent: Tuesday, April 12, 2005 4:42 AM
To: [email protected]
Subject: [Ntop] ntop as IDS
Hi to everybody.
I'm new to the list so I beg your pardon if my post looks a little "strange".
I'm interested in security and I would like to use ntop as a NIDS (burglar-alarm-like). I have read almost all the docs available through ntop.org or related sites but I still have some problems so far:
1) I know/I experienced that ntop is able to detect attacks intended for the host itself running ntop, but I cannot find any info in the suspicious file for other hosts (when I attacked them): am I wrong?
2) I cannot find a rule file for the basic IDS functions mentioned at point 1 (I looked in the source code of ntop and as I understand all is managed internally in C files): am I wrong?
3) Moreover, even if Luca Deri has written an interesting doc called LightWeightIDS.pdf with some useful info, it still seems that only BPF filters can be used, and even these only one at a time using the -B CLI option plus -q (for suspicious packets), when I really need to set a lot of these rules for ntop to process all at a time. How can I do this?
4) Lastly, I tried to extract data from RRDs with rrdtool fetch (which needs CF) but no useful security info seems to be present in RRDs: is it true?
Pardon again for the subject and the long post,
thanks,
bye,
Riccardo Rosso
