[Snort-devel] Host based IDS

pavani garimella pavani79 at ...398...
Wed Jun 12 12:23:04 EDT 2002

Hi all ,

I am new to the field of intrusion detection and please pardon me if I am wrong or making little sense.Can I create a host based IDS to check for DOS attacks as well as also check for the contents of the file? To be more clear,say if I am writing something to a server, I want to check the packet headers too (which will be useful in analysing many DOS attacks) and also check the contents of the written data thereby ensuring nothing malicious is being written. These checks have to be done at different layers.(correct me if I am wrong) ( just curious to know from developer's point of view how this is done,and with what efficiency) Could you suggest please tell me how this is done. 

Thanks in advance,

Pavani Garimella


Pavani Garimella

“"Be slow to fall into friendship; but when thou art in, continue firm and constant.- Socrates, Greek Philosopher

Do You Yahoo!?
Sign-up for Video Highlights of 2002 FIFA World Cup
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20020612/3dc21f14/attachment.html>

More information about the Snort-devel mailing list