Implementation of an intrusion detection system

Abstract

Internet was the most widely used information carrier and the service provider for web based information. The Internet servers had to face major problem with illegal access. Generally, when a person made a request to a particular web server, that massage proceeded to the web server through the permitted logical ports (in the case of standard http request, the port number 80). If a hacker tried to access the web server through ports that not opened to the outside world (eg. Port 25, 21 that did not permit http request), then the system detected the information about such unusual requests and wrote die relevant information to a file, which would be read by security experts or system administrators. The IDS program developed to capture the data packets at the network interface before it entering to the firewall, and captured data packet not reassembled and read their header data such as source IP, source port, protocol etc. The program wrote in C language for the programmable Ethernet card, and the program could run in Linux environment. The program successfully detected unusual traffic other than http request made to a web server. As a future development, source IP address could be converted to FQDN, that identified domain name and time where unusual request made.