
Thread: Ossim

  1. #1
    Member imported_anubis2k7's Avatar
    Join Date
    Jun 2006
    Posts
    115

    Default Ossim

    Has anyone read about/used this?

    http://www.ossim.net/home.php

    If this works the way it is described on the website, it blows the snort-BASE tandem out of the water.

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by anubis2k7
    Has anyone read about/used this?

    http://www.ossim.net/home.php

    If this works the way it is described on the website, it blows the snort-BASE tandem out of the water.
    Looks interesting. Maybe I'll have to throw together another box and put it side by side with my snort box and see how it compares.

    Of course, I'll have to wait until I finish a couple of projects first, so it's gonna be a month or so.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Senior Member
    Join Date
    Jan 2006
    Posts
    1,334

    Default

    That's nice... a VM image to play with to get a feel for it. Nice idea.
    Thanks for the link.

  4. #4
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Hmmm... wish there was an OpenBSD version available. I may try it out anyways... I wonder how it compares in the resource hog department.
    dd if=/dev/swc666 of=/dev/wyze

  5. #5
    Senior Member
    Join Date
    Jan 2006
    Posts
    1,334

    Default

    Apparently, the VM image is now pretty much redundant, as they now have a nice installer which does it all, from creating partitions, installing the OS, to setting up the programs (minus user-specific info, of course).
    This installer will also install into a VM, too, hence the image becoming unnecessary.

  6. #6
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    I just downloaded and burned the installer ISO. After dinner I'm going to install it on a spare machine... I'll post my results.
    dd if=/dev/swc666 of=/dev/wyze

  7. #7
    Member imported_anubis2k7's Avatar
    Join Date
    Jun 2006
    Posts
    115

    Default

    I spent the last couple of hours playing around with this. I used the all in one installer and put it on a VMware box.

    This is really one impressive system... it makes snort-BASE look like a 6-year-old's crayon drawing. BASE is one of many components in the system.

    The NTOP plug-in parses all network data, allowing users to view all traffic all over the network in a nice web-based GUI format. I especially like the sessions function which logs all active TCP connections. Using this, an admin can simply look at this list and see which computers are connected where.

    The Nessus plug-in is also nice because it allows you to schedule periodic scans (a la corporate GFI LANguard) to find potentially vulnerable hosts.

    They have a man page describing the front end:

    http://www.ossim.net/dokuwiki/doku.p...l:introduction

    Like all IDS systems, this does need some customization. Some things I don't like are the fact that the X window system is not installed on the OS... I have yet to get it to work. Also, it seems p0f is used a lot to identify hosts on the network... p0f is quite old and its signature files are out of date. I think ettercap would have been a better choice for OS detection.

    I'm still learning this, so I'll keep you posted.

  8. #8
    Member
    Join Date
    Aug 2007
    Posts
    468

    Default

    This looks really good. I'm planning on setting up SNORT and BASE over the weekend, so I think I'll include this as well.

    ====================
    Has anybody used SourceFire 3D? I got an email from SNORT about it this week:

    http://www.sourcefire.com/resources/...sdemosnort0208

  9. #9

    Default

    Yes, this is a very interesting project I have been following and toying with in my spare time for the past few months. It seems it has gained more support and much-needed documentation. Trying a new clean install with 1.0.3 to see how this will go.
    15" MBP 8 gigs o ram 256 gig SSD in drivebay + 256 gig 5400 HD
    1000HE EEE 30 gig SSD 2 gigs Ram

  10. #10
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    My recommendation is not to use the installer unless absolutely necessary, since there are a lot of features that would only be used in an enterprise environment.
    dd if=/dev/swc666 of=/dev/wyze
