[Plug-security] Something to look at.

Kit Plummer plug-security@lists.PLUG.phoenix.az.us
17 Jul 2001 07:35:58 -0700


Cool!  Though, I am not sure I understand why you would need the IS at
the kernel level.  It seems like it makes more sense at the network
level as the ISes are typically found vice tripwire.

Did you go to DEF CON?

Kit

On 17 Jul 2001 00:44:54 -0700, foodog wrote:
> KIS, kernel intrusion system.  An arguably gray hat kernel module was
> presented at DEF CON Saturday.  It's for Linux kernel versions 2.2.x -
> 2.4.x.  It's available for download now from uberhax0r.net/kis/  
> 
> I mention it for 2 reasons.  1st, I think it has serious potential as
> part of an intrusion detection solution; the author expressed interest
> in how the security community reacts.  2nd, I think it's a good plan to
> learn about it. It's friendly enough that the kiddies will *love* it. 
> The client can be GUI-driven, and it has brief, usable docs.
> 
> The docs barely scratch the capabilities, BTW.  The author, Optyx, is
> talented.
>
> Regards,
> Steve