http://www.perlmonks.org?node_id=154680


in reply to Re: How do *you* secure your network with Perl?
in thread How do *you* secure your network with Perl?

While you *could* write an IDS in perl, I am pretty sure any link with much activity would cause the PerlIDS(tm) to drop packets.

However, a better use for perl in your IDS implementation is in the role of analysis scripts. Your IDS implementation should probably consist of one or more "quick and dirty" systems -- snort (or your IDS of choice) with fewer rules, and one or more analysis machines. Perl excels in the analysis role -- processing "historical" data.

Replies are listed 'Best First'.
(shockme) Re: Re: Re: How do *you* secure your network with Perl?
by shockme (Chaplain) on Mar 28, 2002 at 03:20 UTC
    On the subject of analysis (and somewhat removed from "modules"), I've had great success with Psionic's PortSentry, HostSentry and LogSentry.

    If things get any worse, I'll have to ask you to stop helping me.