ext2: libNids and NIDS
Sep 28, 1999, 04:30 (0 Talkback[s])
(Other stories by Adam Langley)
"Basically the libNids team have taken the IPv4 code out of a 2.0.36 kernel and made it into a library for all to use. As the quote above suggests this was intended for NIDS - programs that scan incoming traffic and look out for known exploits against hosts that they can scan."
"The simplest NIDS just look for TCP port scans on the box they are running on, while very advanced (usually for-sale) NIDS can simulate fake networks. All NIDS can be broken down (conceptually) into 'boxes'..."
"libNids's ability to defrag IP packets and build up TCP streams means that it isn't just useful for building NIDS. Having a window showing you what is going down the network can be a godsend when you have to debug some network-enabled app or reverse engineer some protocol (NTLM SAM protocol anyone?). libNids means you don't have to wade through a huge sniffit output because libNids will do a lot of the basic work for you."