Linux Today: Linux News On Internet Time.
ext2: libNids and NIDS

Sep 28, 1999, 04:30
(Other stories by Adam Langley)

"Basically the libNids team have taken the IPv4 code out of a 2.0.36 kernel and made them into a library for all to use. As the quote above suggests this was intended for NIDS - programs that scan incoming traffic and look out for known exploits against hosts that it can scan."

"The simplest NIDS just look for TCP port scans on the box they are running on. While very advanced (usually for-sale) NIDS can simulate fake networks. All NIDS can be broken down (conceptually) into 'boxes'..."

"libNids's ability to defrag IP packets and build up TCP streams means that it isn't just useful for building NIDS. Having a window showing you what is going down the network can be a godsend when you have to debug some network enabled app or reverse engineer some protocol (NTLM SAM protocol anyone?). libNids means you don't have to wade through a huge sniffit output because libNids will do a lot of the basic work for you."
