PerlMonks  

Re: Re: How do *you* secure your network with Perl?

by Rhose (Priest)
on Mar 27, 2002 at 14:58 UTC


in reply to Re: How do *you* secure your network with Perl?
in thread How do *you* secure your network with Perl?

While you *could* write an IDS in perl, I am pretty sure any link with much activity would cause the PerlIDS(tm) to drop packets.

However, a better use for perl in your IDS implementation is in the role of analysis scripts. Your IDS implementation should probably consist of one or more "quick and dirty" systems -- snort (or your IDS of choice) with fewer rules, and one or more analysis machines. Perl excels in the analysis role -- processing "historical" data.

(shockme) Re: Re: Re: How do *you* secure your network with Perl?
by shockme (Chaplain) on Mar 28, 2002 at 03:20 UTC
    On the subject of analysis (and somewhat removed from "modules"), I've had great success with Psionic's PortSentry, HostSentry and LogSentry.

    If things get any worse, I'll have to ask you to stop helping me.
