Snort Forums Archive
Architecture of an IDS
Posted by saintarmin on October 03, 2006 15:42:32
Hi,
Well, I'm a newbie. I'm studying at Instituto Politecnico Nacional (in Mexico City), and my thesis is to create an IDS, but I can't find any architecture to use as a base for my thesis. I need to see different architectures to get an idea about these systems, because I want to create an IDS with Java...
Please, if somebody knows about it, or knows where to find docs about the architecture of an IDS, please let me know... (When I finish my thesis, my project will become open source.) Thanks for all.
Posted by duh on October 25, 2006 07:06:25
Signature-based can be easy.
Write a Java class to read all Ethernet data (there are some out there).
Then comb through each packet, matching it to some signature you predefined.
Obviously Snort and other IDSs are much more complicated, but that's the extremely high-level view.
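The read-then-match loop described in the reply above, as an added example that is not part of the original thread and is not Snort's code. The class name, the `Signature` rule format, and the sample frame are all constructed for illustration; capture itself is left out, so `inspect` takes the raw frame bytes that a capture library would hand over.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;

public class TinySignatureIds {
    // Hypothetical rule: destination port (0 = any) plus bytes to find in the TCP payload. Needs Java 16+.
    record Signature(String name, int dstPort, byte[] pattern) {}
    // Returns the names of the rules that match one raw Ethernet II frame carrying IPv4/TCP.
    static List<String> inspect(byte[] f, List<Signature> rules) {
        List<String> hits = new ArrayList<>();
        if (f.length < 34 || (f[12] & 0xff) != 0x08 || (f[13] & 0xff) != 0x00) return hits; // not IPv4
        int ihl = (f[14] & 0x0f) * 4;                        // IPv4 header length in bytes
        if ((f[14] & 0xf0) != 0x40 || ihl < 20 || (f[23] & 0xff) != 6) return hits; // not IPv4/TCP
        int tcp = 14 + ihl;
        if (f.length < tcp + 20) return hits;                // truncated TCP header
        int dstPort = (f[tcp + 2] & 0xff) << 8 | (f[tcp + 3] & 0xff);
        int doff = ((f[tcp + 12] & 0xf0) >> 4) * 4;          // TCP header length incl. options
        if (doff < 20 || tcp + doff > f.length) return hits; // malformed data offset
        for (Signature s : rules)
            if ((s.dstPort() == 0 || s.dstPort() == dstPort) && indexOf(f, tcp + doff, s.pattern()) >= 0)
                hits.add(s.name());
        return hits;
    }

    // Naive byte search from offset 'from'; returns -1 when the pattern is absent.
    static int indexOf(byte[] data, int from, byte[] pat) {
        outer:
        for (int i = from; i + pat.length <= data.length; i++) {
            for (int j = 0; j < pat.length; j++) if (data[i + j] != pat[j]) continue outer;
            return i;
        }
        return -1;
    }

    public static void main(String[] args) {
        // Constructed frame: zeroed Ethernet (14) + IPv4 (20) + TCP (20) headers, then the payload.
        byte[] body = "hello IDS-TEST-STRING".getBytes(StandardCharsets.US_ASCII);
        byte[] frame = new byte[54 + body.length];
        frame[12] = 0x08;                  // EtherType 0x0800 = IPv4
        frame[14] = 0x45;                  // IP version 4, header length 5 words
        frame[23] = 6;                     // IP protocol 6 = TCP
        frame[37] = 80;                    // TCP destination port 80
        frame[46] = 0x50;                  // TCP data offset 5 words
        System.arraycopy(body, 0, frame, 54, body.length);
        List<Signature> rules = List.of(
            new Signature("test string on port 80", 80, "IDS-TEST-STRING".getBytes(StandardCharsets.US_ASCII)),
            new Signature("same string on port 25", 25, "IDS-TEST-STRING".getBytes(StandardCharsets.US_ASCII)));
        System.out.println(inspect(frame, rules));
    }
}
```

Only the port 80 rule fires on the sample frame, because a rule's header condition has to match before its payload pattern is searched. This per-packet view does not reassemble TCP streams, so a pattern split across two segments goes unseen.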