rmkml wrote:
> This project is under development (pre alpha version) because not find
> on another nids open source product easy to extend,

Well, this is a pity, because working on Snort or Bro or Prelude would have benefited the community a lot more than starting YARBIDS (Yet Another Rule Based IDS)...

> and work with very good ethereal/wireshark dissector library !

Hint: I may be wrong, but that library is painfully slow for real-time IDS purposes on real world networks. Maybe Martin Roesch or another Snort/Sourcefire guy can correct me on this...

> - fix uri content

What do you mean? If it's the example on your page, I'm sorry to say that contextual rules for protocols are already in Snort and in almost any good commercial product...

> - work with ssl session

You cannot, unless you disclose private keys to your IDS box. That's Not Recommended (TM), but there are a lot of ways to do that.

> - search on mime attachment

Any IDS worth its cost can do that.

> - reduce false alert

That's the holy grail, you're welcome to join us in its search :)

Stefano
