Linux Today: Linux News On Internet Time.


ext2: libNids and NIDS

Sep 28, 1999, 04:30 (0 Talkback[s])
(Other stories by Adam Langley)


"Basically the libNids team have taken the IPv4 code out of a 2.0.36 kernel and made them into a library for all to use. As the quote above suggests this was intended for NIDS - programs that scan incoming traffic and look out for known exploits against hosts that it can scan."

"The simplest NIDS just look for TCP port scans on the box they are running on. While very advanced (usually for-sale) NIDS can simulate fake networks. All NIDS can be broken down (conceptually) into 'boxes'..."

"libNids's ability to defrag IP packets and build up TCP streams means that it isn't just useful for building NIDS. Having a window showing you what is going down the network can be a godsend when you have to debug some network enabled app or reverse engineer some protocol (NTLM SAM protocol anyone?). libNids means you don't have to wade through a huge sniffit output because libNids will do a lot of the basic work for you."
