From: sheldonh@starjuice.net (Sheldon Hearn)
To: freebsd-questions@freebsd.org
Subject: FreeBSD IDS to babysit Microsoft hosts
Date: Fri, 11 May 2001 09:06:43 +0200
Message-ID: <70569.989564803@axl.fw.uunet.co.za>

Hi folks,

I'm looking for an IDS that'll run on FreeBSD. However, the quirk is that I'm not interested in the security of the FreeBSD system, as I'm confident in its ability to stay standing.

I want an IDS that uses a "database" of problematic signatures and looks for those in TCP streams to and from a finite list of hosts on the same ethernet segment.

The signatures I'm particularly interested in are those that may identify attempts to exploit vulnerabilities in Windows servers running IIS, pcAnywhere and Cold Fusion.

Ideally, I'd want the vendor to supply timeous updates to the database as new vulnerabilities in typical Windows server software are discovered.

I'm not limiting my search to free software. My employer is having so much trouble with his Windows web servers that he'll be quite prepared to fork out cash for something that at least confirms that something funny is going on. Right now, he's never sure whether it's just Microsoft weirdness or a breach.

TIA
Sheldon.