
ext2: libNids and NIDS

“Basically the libNids team have taken the IPv4 code out of a
2.0.36 kernel and made it into a library for all to use. As the
quote above suggests, this was intended for NIDS – programs that
scan incoming traffic and look out for known exploits against hosts
that they can scan.”

“The simplest NIDS just look for TCP port scans on the box they
are running on. While very advanced (usually for-sale) NIDS can
simulate fake networks. All NIDS can be broken down (conceptually)
into ‘boxes’…”

“libNids’s ability to defrag IP packets and build up TCP
streams means that it isn’t just useful for building NIDS. Having a
window showing you what is going down the network can be a godsend
when you have to debug some network enabled app or reverse engineer
some protocol (NTLM SAM protocol anyone?). libNids means you
don’t have to wade through a huge sniffit output because libNids
will do a lot of the basic work for you.”
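The IP defragmentation and TCP stream building the quote credits libNids with rest on one idea: slot each arriving chunk into a buffer at its offset, remember which bytes have been seen, and hand up only the gap-free prefix. The C program below is an added example written for this page; it is not libNids code and does not use the libNids API. It applies that idea to TCP segments using constructed sample traffic (the sequence numbers, the split HTTP request and the tampered retransmission are all made up here), and its “first copy wins” rule for overlapping bytes is this example's own choice, not a statement about how libNids resolves overlaps.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STREAM_MAX 4096   /* reassembly window for this toy; real stacks bound this to limit memory */

/* One direction of a TCP connection: payload bytes indexed relative to the
 * sequence number of the first payload byte, plus a per-byte "seen" map so
 * out-of-order and overlapping segments can be slotted in. */
struct half_stream {
    uint32_t first_seq;               /* sequence number of stream byte 0 */
    unsigned char data[STREAM_MAX];
    unsigned char seen[STREAM_MAX];
    size_t contiguous;                /* gap-free bytes available from the start */
};

void hs_init(struct half_stream *hs, uint32_t first_seq)
{
    memset(hs, 0, sizeof *hs);
    hs->first_seq = first_seq;
}

/* Slot one segment into the stream. Overlapping bytes keep the first copy
 * seen (this example's policy; libNids may resolve overlaps differently).
 * Returns how many bytes the gap-free prefix grew by: 0 means the data is
 * still queued behind a hole, or was a pure duplicate. */
size_t hs_add_segment(struct half_stream *hs, uint32_t seq,
                      const unsigned char *payload, size_t len)
{
    uint32_t off = seq - hs->first_seq;   /* unsigned subtraction copes with seq wrap */
    if (off >= STREAM_MAX)
        return 0;                          /* outside the window: drop */
    if (len > STREAM_MAX - off)
        len = STREAM_MAX - off;            /* clip rather than overrun the buffer */

    for (size_t i = 0; i < len; i++) {
        if (!hs->seen[off + i]) {
            hs->data[off + i] = payload[i];
            hs->seen[off + i] = 1;
        }
    }

    size_t before = hs->contiguous;
    while (hs->contiguous < STREAM_MAX && hs->seen[hs->contiguous])
        hs->contiguous++;
    return hs->contiguous - before;
}

/* Constructed sample traffic (not a real capture): one HTTP request split
 * into three segments that arrive last-first, then a retransmission of the
 * middle segment whose bytes have been tampered with. */
static const unsigned char SEG1[] = "GET /index";           /* seq 1000, 10 bytes */
static const unsigned char SEG2[] = ".html HTTP/1.0";       /* seq 1010, 14 bytes */
static const unsigned char SEG3[] = "\r\n\r\n";             /* seq 1024,  4 bytes */
static const unsigned char SEG2_RETX[] = "XXXXXXXXXXXXXX";  /* seq 1010, 14 bytes */

static char g_request[STREAM_MAX + 1];

/* Feed the constructed segments out of order and return the rebuilt request. */
const char *demo_reassemble(void)
{
    struct half_stream hs;
    hs_init(&hs, 1000);
    hs_add_segment(&hs, 1024, SEG3, 4);       /* arrives first; nothing deliverable yet */
    hs_add_segment(&hs, 1010, SEG2, 14);      /* still a hole at offset 0 */
    hs_add_segment(&hs, 1000, SEG1, 10);      /* hole filled: 28 bytes become contiguous */
    hs_add_segment(&hs, 1010, SEG2_RETX, 14); /* overlapping retransmit: first copy wins */

    memcpy(g_request, hs.data, hs.contiguous);
    g_request[hs.contiguous] = '\0';
    return g_request;
}

/* Same segments without the first one: a missing segment stalls delivery
 * even though later data has already arrived. */
size_t demo_gap_stalls(void)
{
    struct half_stream hs;
    hs_init(&hs, 1000);
    hs_add_segment(&hs, 1024, SEG3, 4);
    hs_add_segment(&hs, 1010, SEG2, 14);
    return hs.contiguous;   /* 0: nothing can be handed up yet */
}

int main(void)
{
    printf("%s", demo_reassemble());
    printf("bytes deliverable with first segment missing: %zu\n", demo_gap_stalls());
    return 0;
}
```

The overlap rule is the part a NIDS author cannot treat as a detail: if the monitor keeps a different copy of overlapping bytes than the end host does, an attacker can send inconsistent retransmissions so that the reassembled stream the NIDS inspects is not the one the host actually processes. IP fragment reassembly has the same shape (offsets in 8-byte units, a "more fragments" flag instead of a gap-free prefix) and the same overlap question.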

