This post is mostly for the archive.
When digging into the history of Network Intrusion Detection Systems, I found that SHADOW was the first open source IDS out there to my knowledge. I looked around for the source code, but found it hard to find the latest version (1.8). I finally got it, and here it is!
Developed in 1994 for the Naval Surface Warfare Center, it was originally named the “Cooperative Intrusion Detection Evaluation and Response (CIDER) project“. It was renamed to SHADOW (Secondary Heuristic Analysis for Defensive Online Warfare).
To my knowledge, the developers where mainly Stephen Northcutt, Bill Ralph and the Naval Surface Warfare Center. I do find the name Olav Kolbu as the author of some scripts, and since he is also a fellow Norwegian working at basefarm, I wrote him a mail and he was the one digging up the latest source code of SHADOW 1.8.
There is also an “updated” version named IDABench, written by George Bakos, to be found here: http://idabench.ists.dartmouth.edu/
I highly recommend checking that out on a home network. Very cool visibility.
There is also a Slackware based iso that is based upon among SHADOW and Snort by Guy Brunea:
Hope this brings joy to others looking for the SHADOW source code.
History class dismissed…