http://www.scaramanga.co.uk/firestorm/
Este un IDS care promite, autorul are niste idei cool de tot. Daca se
tine de treaba, ar putea depasi snort.
Daca-l folositi, dati cu feedback-ul in autor ;-) in buna traditie Free
Software.
Citez dintr-o discutie pe care am avut-o cu autorul:
On 07 Jun 2001 15:18:21 -0700, Florin Andrei wrote:
>
> I have one (obvious) question: why Firestorm? I mean, what will be the
> advantage of using Firestorm over Snort?
Well, I plan to go a lot further than snort in that I want a full
network intrusion detection system, not just a sensor. Although snort is
great, it isn't much more than a packet sniffer on steroids (although
now there are things like SPADE, which are great).
For example, if I wanted to deploy NIDS sensors across multiple networks
and have them logging to the one central server, which could perform
traceback and correlation, and then push out revised rulesets to the
sensors, and I wanted all the traffic encrypted. I would be hard pushed
to do it with snort.
I also see the pluggable architecture as a big bonus to firestorm, it
becomes trivial to remove code you dont need, and it keeps the firestorm
core to ~3,000 lines of code, compared to >10,000 in snort. Snort is
also quite modular, but I don't think to the same degree as firestorm.
Snort is also totally bound to TCP/IPv4. Something I have been trying to
avoid in firestorm.
I'm a long way off but I think (hope) I'll get there :)
--
Florin Andrei
---
Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
unsubscribe from this list.
