Hi bart.

Thanks for your suggestion. Yep, I know there are many types of DDoS attack,
but some of them are not common and will not occur for a personal IDS. I
think the port-scan and the sync-attack are the most common forms of attack
for a personal server or something.
Since you have experience in this area, what's your opinion? If you have
more information about this and the kernel part in a DDoS attack, please
send me some links. Thanks. I have been hacking into the Linux kernel to
improve the receiving speed recently.
It's nice to have your help =)

--Kay


On Tue, Mar 29, 2011 at 9:00 AM, Bartosz SKOWRON <[email protected]> wrote:

> On Fri, Mar 25, 2011 at 2:36 AM, Kay <[email protected]> wrote:
>
> > I have taken a look at the UMPA, it's really good work =) I think you
> > mean that I can use it to sniff packets and analyze the captured packets
> > to detect intrusion.
>
> I'm an original author of the UMPA. If you have any questions about
> the library don't hesitate to ask here or privately.
>
> > I am not quite familiar with statistical analysis. What I have been
> > focused on is the multi-core architecture and how to accelerate network
> > processing on it. I'd like to know exactly what functions a personal
> > NIDS should have so that I can evaluate if I have the ability to work on
> > this project.
> > Port-scan detection, DDoS detection, or something else?
>
> There are hundreds (ok, I have never counted them) of ideas about DDoS
> detection/prevention. Most of them are theoretical. Years ago I
> implemented some and got great results. I'm seeing it as a good idea
> to prepare one big DDoS tool. However, the problem is, most of the
> ideas are related to Linux kernel patches etc. Not sure how much you
> would like to hack a kernel. Also, how valuable it would be in
> real life.
>
> bart.
>