[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IDS: SHADOW anomaly
FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems.. Then email questions to ids-owner@uow.edu.au
NOTE: You MUST remove this line from reply messages as it will be filtered.
SPAM: DO NOT send unsolicted mail to this list.
USUB: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------
Brian Hughes wrote:
> I'm currently deploying SHADOW and am seeing some strange behavior.
> I've created a bad_events filter which produces one set of results when
> run manually using tcpdump and yields another set of results when shadow
> uses it to display its Web page. I was wondering if anyone else had
> encountered this problem or better yet solved this problem :-).
I don't have any solution rigth now.
But I'm interrested to learn more about this problem. It seems that you
are not the only person
having trubbles with Shadow (see "Kertesz Imre" e-mail in the IDS ML).
Is there a place where to obtain an evaluation version of Shadow IDS ?
Regards,
Jerome
--
_______________Ingenieur ISI, DEA Sup-Aero______________________
('\^^^/') Jerome CARRERE
( &.& ) ONERA-CERT / DTIM
(-`I`-) Complexe scientifique de Rangueil
___---___ 2, avenue Edouard Belin BP4025
(. baloo .) F-31055 TOULOUSE - FRANCE
() ( o ) () Phone : +(33) -(0) 562 252 525 ask for 22 80
( )-----( ) Fax : +(33) -(0) 562 252 593
(,,) (,,) E-mail (at work) mailto:Jerome.Carrere@cert.fr
E-mail (at home) : baloo@cadrus.fr