Hi Naveed,
Do u want to actually design and build an IDS system or use any existing IDS system and add some features and GUI stuff. snort is already available open source IDS system. It covers fragmentation and timings and based on signature matching with rich set of signatures.
If you want to design your own IDS you ll need proxy application to receive data from clients and forward it to server. And signature matching engine to match vulnerability signatures against TCP payload. Depending on the result of matching you can let the connection continue or can drop it by sending reset packets to client and server.
Thanks,
lasthell
|