8 Apr 2000 mwimer   » (Journeyer)

Well, I talked to our other lead here at work and it seems that our kernel modifications, modules, and watcher app are going into their first alpha cycle. We are hoping to ship a product by August. This may be a little rushed but we think we can manage if we don't run into any large snags.

Our product, called ARIA, is integrated into the Linux kernel and monitors system health. Health is determined by a calibration set collected from the kernel during nominal activity. If the health of the system moves out of a range set by the user then the user is notified. It works reasonably well. You can tell when you are being port scanned or DoSed.

A follow-up tool called RIDS will be released shortly after the release of ARIA. RIDS is defensive and will try to stop any anomalous activity that it sees on the system. I like to think this tool is only for the truly paranoid. :)

I feel that I should start running it at home before posting these props. Maybe I'll calibrate it at my home machine and see if I can't detect malicious activity, after I go rile up some L33T h4x0rs. :)
