[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IDS: SHADOW anomaly

To: Jerome Carrere <Jerome.Carrere@cert.fr>
Subject: Re: IDS: SHADOW anomaly
From: Brian Hughes <hughbria@isu.edu>
Date: Tue, 11 May 1999 13:22:04 +0000
CC: ids@uow.edu.au
Organization: Idaho State University
References: <3733022C.E1247F18@isu.edu> <3737D10C.DF2E9EE0@cert.fr>
Sender: owner-ids@uow.edu.au

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems.. Then email questions to ids-owner@uow.edu.au
NOTE: You MUST remove this line from reply messages as it will be filtered.
SPAM: DO NOT send unsolicted mail to this list.
USUB: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------

Hi Jerome and All,

Actually now my problem is solved thanks to Kertesz Imre.  He pointed
out to me that all files ending in .filter would be evaluated by the
software.  As soon as I removed the extra filter files I started seeing
only the packets I was interested in.

The SHADOW software is free and is located at
http://www.nswc.navy.mil/ISSEC/CID/

Best Regards,
Brian

Jerome Carrere wrote:
> 
> Brian Hughes wrote:
> 
> > I'm currently deploying SHADOW and am seeing some strange behavior.
> > I've created a bad_events filter which produces one set of results when
> > run manually using tcpdump and yields another set of results when shadow
> > uses it to display its Web page.  I was wondering if anyone else had
> > encountered this problem or better yet solved this problem :-).
> 
> I don't have any solution rigth now.
> But I'm interrested to learn more about this problem. It seems that you
> are not the only person
> having trubbles with Shadow (see "Kertesz Imre" e-mail in the IDS ML).
> 
> Is there a place where to obtain an evaluation version of Shadow IDS ?
> 
> Regards,
> Jerome
> 
> --
> _______________Ingenieur ISI, DEA  Sup-Aero______________________
>    ('\^^^/')                       Jerome CARRERE
>     ( &.& )                      ONERA-CERT / DTIM
>     (-`I`-)              Complexe scientifique de Rangueil
>    ___---___             2, avenue Edouard Belin BP4025
>   (. baloo .)              F-31055 TOULOUSE - FRANCE
> () (   o   ) ()    Phone : +(33) -(0) 562 252 525 ask for 22 80
>  (  )-----(  )     Fax : +(33) -(0) 562 252 593
> (,,)       (,,)    E-mail (at work) mailto:Jerome.Carrere@cert.fr
> E-mail (at home) : baloo@cadrus.fr

-- 
Brian Hughes               mailto:hughbria@isu.edu
Idaho State University     http://www.isu.edu/~hughbria

References:
- IDS: SHADOW anomaly
  - From: Brian Hughes <hughbria@isu.edu>
- Re: IDS: SHADOW anomaly
  - From: Jerome Carrere <Jerome.Carrere@cert.fr>

Prev by Date: Re: IDS: Real-world experience
Next by Date: Re: IDS: Real-world experience
Prev by thread: Re: IDS: SHADOW anomaly
Next by thread: Re: IDS: Have you heard about Specter?
Index(es):
- Date
- Thread