Using Open BSD, snort, Linux, and a few other tricks to set up a transparent, ACTIVE Ids.

Presented at DEF CON 9 (2001), July 14, 2001, 4 p.m. (110 minutes)

Basically I will cover: How to set up Snort Sensor in Openbsd. - How to use Perl & Rules to actively adapt rules to attacks, while keeping yourself from being "DOSSED" - How to use ACID to make logs more easily accessible, and analyzed, - How to Use database portion to look at historical attack trends and react appropriately. - How to set up "safe" management segment on your network that is both accessible to you, but hard for "them" to get into.

Presenters:

• Thomas J. Munn - Infosecurity Analyist

Links:

• https://defcon.org/html/defcon-9/defcon-9-speakers.html#Thomas Munn
• https://infocon.org/cons/DEF CON/DEF CON 9/DEF CON 9 video/DEF CON 9 - Thomas Munn - Using OpenBSD Snort Linux and A Few Other Tricks To Set Up A Transparent ACTIVE IDS.mp4
• https://www.youtube.com/watch?v=n4cUmZavnnA

Similar Presentations:

• DEF CON 7 (1999) / How to set up a firewall with xBSD O/S
• DEF CON 16 (2008) / Snort Plug-in Development: Teaching an Old Pig New Tricks
• ShmooCon I (2005) / IDS Gone Bad