Monday, February 7, 2005

Target-based IDS

Sat in on the Target-based IDS (Snort) brief on Sunday. A lot of
interesting stuff is coming for Snort: New data acquisition modules
(you'll be ablt to take the packets rejected by your IPFW/IPTables/etc.
and feed them into Snort for analysis). New stream reassembly modules.
IPv6. New defrag modules.

Based on the presentation and depending on
how it's implemented, Snort could get very complicated for production
environments.