The IAMDOH software tool improves the accuracy and reliability of an IDS by minimizing false positive detections.
The inspiration for IAMDOH came about in early 2003, when the developer was between versions of another software tool called WIDZ. During this time, the developer observed that nobody had volunteered to collaborate on the project. However, with the help of some information from the London 2600 group, the developer was able to create IAMDOH as a proof of concept demonstrating how these techniques could increase the reliability of IDS systems.
IAMDOH leverages the Nessus database for vulnerability identification and uses Nmap for port, OS and service identification. In the past, IAMDOH used AMAP and VMAP for service and version identification, but this may change in the future. The tool also uses Bugtraq to find online vulnerability information.
For ease of use and reusability, IAMDOH's GUI is based on existing products such as gnome-terminal. This lets users scroll through output and open browser windows onto nessus.org or Bugtraq. These features would have taken a long time to code, but are easily accessible through IAMDOH.
The IAMDOH developer initially had no intention of releasing the tool, discouraged by the lack of cooperative effort. However, given the recent claims that IDS is obsolete, the developer felt that the tool needed to be shared with the community. The bottom line is that IAMDOH filters out more than 75% of false positives, making it an efficient addition to your IDS. Give it a try! The code may have a few glitches, but it successfully proves its point.