Title: Message
Hi Riccardo,
 
If you're looking for an open source IDS then you probably want SNORT.  Ntop can be an extremely useful security tool, but it'd take quite a lot of work to turn it into an IDS.
 
Chris


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Riccardo Rosso
Sent: Tuesday, April 12, 2005 4:42 AM
To: [email protected]
Subject: [Ntop] ntop as IDS

Hi to everybody.
I'm new to the list so I beg your pardon if my post looks a little "strange".
I'm interested in security and I would like to use ntop as a NIDS (burglar-alarm-like). I have read almost all the docs available through ntop.org or related sites, but I still have some problems so far:
1) I know/I experienced that ntop is able to detect attacks aimed at the host itself running ntop, but I cannot find any info in the suspicious file for other hosts (when I attacked them): am I wrong?
2) I cannot find a rule file for the basic IDS functions mentioned in point 1 (I looked in the source code of ntop and, as I understand it, everything is managed internally in C files): am I wrong?
3) Moreover, even though Luca Deri has written an interesting doc called LightWeightIDS.pdf with some useful info, it still seems that only BPF filters can be used, and even these only one at a time using the -B CLI option plus -q (for suspicious packets), when I really need to set a lot of these rules for ntop to process all at once. How can I do this?
4) Lastly, I tried to extract data from RRDs with rrdtool fetch (which needs CF), but no useful security info seems to be present in the RRDs: is it true?
 
Pardon again for the subject and the long post,
thanks,
bye,
   Riccardo Rosso
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
