1) Bro binary 2) Bro position in IDSs models

1)

I got a bro binary of the 0.9 version, approximately
22 Megabytes. I compiled in Debian 3.1, PowerPC, with a
straightforward ./configure make. All seemed normal
during the compilation. At first sight it seems a
working binary. So, do I have a statically linked binary,
with the overweight of the statically linked libraries?

2)

In a paper (2003) called "The Intelligent IDS: The
Next Generation of Intrusion Detection Management
Revealed" Andre Yee of NFR Security Inc. positioned
the ISS and NFR IDSs high, in both detection models:
Protocol Anomaly Detection and Pattern Matching
(a logical assumption in its position). How does
the Bro IDS position in these models? For Bro
users who have a general knowledge about ISS and
NFR IDSs.

1)

I got a bro binary of the 0.9 version, approximately
22 Megabytes. I compiled in Debian 3.1, PowerPC, with a
straightforward ./configure make. All seemed normal
during the compilation. At first sight it seems a
working binary. So, do I have a statically linked binary,
with the overweight of the statically linked libraries?

That sounds awfully big. Can you post the output of your configure run,
please?

2)

In a paper (2003) called "The Intelligent IDS: The
Next Generation of Intrusion Detection Management
Revealed" Andre Yee of NFR Security Inc. positioned
the ISS and NFR IDSs high, in both detection models:
Protocol Anomaly Detection and Pattern Matching
(a logical assumption in its position). How does
the Bro IDS position in these models? For Bro
users who have a general knowledge about ISS and
NFR IDSs.

The short answer is "Bro can do both." Its model is more general than
any single category -- remote or local Bro nodes feed events into policy
scripts that are provided in the distribution and adapted to your needs,
or implemented from scratch by you. By configuring the handling of these
events accordingly, you can realize pretty much any network-based
intrusion detection model. The range of events provided gives you all
the building blocks needed for both protocol anomaly detection and
pattern matching.

Please refer to the website & the manuals for more information.

Cheers,
Christian.