Category: Intrusion Detection » Network
SnortNotify
Run from cron at a set interval, SnortNotify searches a Snort database for new alerts. If a new alert matches a preconfigured priority level, an email is sent to the configured contact; the email includes the sensor name, the signature name, and the timestamp.
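What one cron-driven SnortNotify run does, as an added Python example (not SnortNotify's own code): it queries the Snort database's event, sensor and signature tables for events above a per-sensor watermark whose priority is at the configured level or more severe, builds the notification email, and advances the watermark. The schema below is a simplified assumption of the Snort database layout, the rows are constructed for this example, sqlite3 stands in for the real database, and the actual SMTP send is left as a comment.

```python
import sqlite3
from email.message import EmailMessage

# Simplified version of the sensor/signature/event tables of the Snort database
# schema (assumed here; the real schema carries more columns).
SCHEMA = """
CREATE TABLE sensor    (sid INTEGER PRIMARY KEY, hostname TEXT NOT NULL);
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT NOT NULL,
                        sig_priority INTEGER NOT NULL);
CREATE TABLE event     (sid INTEGER NOT NULL, cid INTEGER NOT NULL,
                        signature INTEGER NOT NULL, timestamp TEXT NOT NULL,
                        PRIMARY KEY (sid, cid));
"""

# Constructed sample rows; sensor and signature names are made up for this example.
SAMPLE_ROWS = {
    "sensor": [(1, "sensor-dmz"), (2, "sensor-core")],
    "signature": [(1, "WEB-ATTACKS /bin/sh access", 1),
                  (2, "SCAN nmap XMAS", 2),
                  (3, "ICMP PING", 3)],
    "event": [(1, 1, 3, "2024-03-03 10:14:55"),
              (1, 2, 1, "2024-03-03 10:15:20"),
              (2, 1, 2, "2024-03-03 10:15:42")],
}


def demo_db():
    """In-memory stand-in for the Snort database SnortNotify would query."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO sensor VALUES (?, ?)", SAMPLE_ROWS["sensor"])
    conn.executemany("INSERT INTO signature VALUES (?, ?, ?)", SAMPLE_ROWS["signature"])
    conn.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", SAMPLE_ROWS["event"])
    return conn


def new_alerts(conn, state, max_priority):
    """Events not yet seen (cid above the per-sensor watermark in `state`) whose
    signature priority is at the configured level or more severe. Snort priority 1
    is the most severe, so "priority 2" means sig_priority <= 2."""
    cur = conn.execute(
        """SELECT e.sid, e.cid, s.hostname, g.sig_name, g.sig_priority, e.timestamp
             FROM event e
             JOIN sensor s    ON s.sid = e.sid
             JOIN signature g ON g.sig_id = e.signature
            WHERE g.sig_priority <= ?
            ORDER BY e.sid, e.cid""", (max_priority,))
    return [{"sensor": host, "signature": name, "priority": prio, "timestamp": ts}
            for sid, cid, host, name, prio, ts in cur if cid > state.get(sid, 0)]


def advance_state(conn, state):
    """Move every sensor's watermark to its highest cid, whatever the priority,
    so low-priority events are not re-examined on the next cron run."""
    new_state = dict(state)
    for sid, max_cid in conn.execute("SELECT sid, MAX(cid) FROM event GROUP BY sid"):
        new_state[sid] = max(max_cid, new_state.get(sid, 0))
    return new_state


def build_email(alerts, contact, sender="snortnotify@localhost"):
    """Notification carrying sensor name, signature name and timestamp per alert."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, contact
    msg["Subject"] = f"[SnortNotify] {len(alerts)} new Snort alert(s)"
    msg.set_content("\n".join(
        f"{a['timestamp']}  sensor={a['sensor']}  priority={a['priority']}  {a['signature']}"
        for a in alerts))
    return msg


def run_once(conn, state, max_priority, contact):
    """One cron invocation: returns (email or None, updated watermark state)."""
    alerts = new_alerts(conn, state, max_priority)
    msg = build_email(alerts, contact) if alerts else None
    # To deliver for real: smtplib.SMTP("localhost").send_message(msg)
    return msg, advance_state(conn, state)


if __name__ == "__main__":
    msg, state = run_once(demo_db(), {}, max_priority=2, contact="secops@example.org")
    print(msg if msg else "no new alerts", state)
```

In a real deployment the watermark dictionary would be written to a file between cron runs and the in-memory connection replaced by the production database; without the watermark, every run would re-mail the same alerts.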
Snort Alert Monitor
SAM is a real-time Snort alert monitor. It provides many ways to indicate that you may be experiencing an intrusion attempt on your network, including audio/visual warnings, email warnings, etc.
Big Brother
Big Brother combines two monitoring methods. Unlike SNMP, where information is only collected by polling devices, Big Brother is designed so that each local system reports its own status to a central location; at the same time, Big Brother polls all networked systems from that central location. Combining the two gives an efficient and redundant method of proactive network monitoring.
Port Scan Attack Detector (psad)
Port Scan Attack Detector (psad) is a collection of three lightweight system daemons, written in Perl and C, that work with the Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided); verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and the corresponding nmap options; email alerting; DShield reporting; and automatic blocking of offending IP addresses by dynamically adding iptables rules. In addition, psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (SYN, FIN, Xmas) that are easily launched against a machine with nmap. psad also uses packet TTL, IP ID, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate.
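The detection psad describes, as an added example in Python (not psad's own code, which is Perl and C): it parses iptables LOG lines, counts distinct destination ports per source inside a time window, maps TCP flag combinations to the nmap scan they correspond to, and reports the source, destinations, port range, begin and end times, flags and observed TTLs. The log lines are constructed for this example, the danger thresholds and window are illustrative rather than psad's defaults, and the iptables blocking and DShield reporting steps are left out.

```python
import re
from collections import defaultdict
from datetime import datetime

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (.*)$")

# TCP flag combinations and the nmap scan each corresponds to.
SCAN_TYPES = {
    frozenset({"SYN"}): "syn (nmap -sS)",
    frozenset({"FIN"}): "fin (nmap -sF)",
    frozenset({"FIN", "PSH", "URG"}): "Xmas (nmap -sX)",
    frozenset(): "null (nmap -sN)",
}
STEALTH_TYPES = {"fin (nmap -sF)", "Xmas (nmap -sX)", "null (nmap -sN)"}

# Danger thresholds: distinct destination ports hit -> danger level.
# Illustrative values chosen for this example, not psad's defaults.
DANGER_LEVELS = [(50, 3), (15, 2), (5, 1)]

def _log(ts, src, dpt, flags, ttl=48, proto="TCP"):
    """Build a constructed iptables LOG line (syslog prefix + kernel packet summary)."""
    return (f"Mar  3 {ts} fw kernel: DROP IN=eth0 OUT= "
            f"MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC={src} DST=192.0.2.10 "
            f"LEN=44 TOS=0x00 PREC=0x00 TTL={ttl} ID=1 PROTO={proto} SPT=40001 "
            f"DPT={dpt} WINDOW=1024 RES=0x00 {flags} URGP=0")

# Constructed sample: 203.0.113.7 walks six ports with SYN, 198.51.100.9 sends one
# Xmas probe, 192.0.2.77 makes a single ordinary SYN, and one UDP line is ignored.
SAMPLE_LOG = [
    _log("10:15:01", "203.0.113.7", 21, "SYN"),
    _log("10:15:01", "203.0.113.7", 22, "SYN"),
    _log("10:15:02", "203.0.113.7", 23, "SYN"),
    _log("10:15:02", "203.0.113.7", 25, "SYN"),
    _log("10:15:03", "203.0.113.7", 80, "SYN"),
    _log("10:15:04", "203.0.113.7", 110, "SYN"),
    _log("10:15:09", "198.51.100.9", 443, "FIN PSH URG", ttl=64),
    _log("10:15:12", "192.0.2.77", 80, "SYN", ttl=64),
    _log("10:15:13", "203.0.113.50", 53, "", proto="UDP"),
]

def parse_iptables_line(line, year=2024):
    """Parse one iptables LOG line; return None for non-TCP or unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {' '.join(m.group(1).split())}", "%Y %b %d %H:%M:%S")
    fields, flags = {}, set()
    for tok in m.group(2).split():
        if "=" in tok:                  # KEY=VALUE pairs (SRC=, DPT=, TTL=, PROTO=, ...)
            key, _, val = tok.partition("=")
            fields[key] = val
        elif tok in TCP_FLAGS:          # bare flag tokens (SYN, FIN, PSH, ...)
            flags.add(tok)
    if fields.get("PROTO") != "TCP":
        return None
    return {"ts": ts, "src": fields["SRC"], "dst": fields["DST"],
            "dpt": int(fields["DPT"]), "ttl": int(fields["TTL"]),
            "flags": frozenset(flags)}

def danger_level(n_ports):
    for threshold, level in DANGER_LEVELS:
        if n_ports >= threshold:
            return level
    return 0

def detect_scans(lines, window_seconds=60):
    """Group TCP packets per source and emit one alert per source that crosses a threshold."""
    per_src = defaultdict(list)
    for line in lines:
        pkt = parse_iptables_line(line)
        if pkt:
            per_src[pkt["src"]].append(pkt)
    alerts = []
    for src, pkts in per_src.items():
        pkts.sort(key=lambda p: p["ts"])
        # Only packets within window_seconds of the newest one count toward the threshold.
        newest = pkts[-1]["ts"]
        recent = [p for p in pkts if (newest - p["ts"]).total_seconds() <= window_seconds]
        ports = {p["dpt"] for p in recent}
        scan_types = {SCAN_TYPES.get(p["flags"], "other") for p in recent}
        level = danger_level(len(ports))
        if scan_types & STEALTH_TYPES:
            level = max(level, 1)       # a fin/Xmas/null probe is suspect even as one packet
        if level == 0:
            continue
        alerts.append({
            "src": src, "dsts": sorted({p["dst"] for p in recent}),
            "port_range": (min(ports), max(ports)), "n_ports": len(ports),
            "begin": recent[0]["ts"].isoformat(), "end": recent[-1]["ts"].isoformat(),
            "flags": sorted({",".join(sorted(p["flags"])) or "NONE" for p in recent}),
            "scan_types": sorted(scan_types), "ttls": sorted({p["ttl"] for p in recent}),
            "level": level,
        })
    return alerts

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG):
        print(alert)
```

The single ordinary SYN from 192.0.2.77 produces no alert, while the lone Xmas probe does: the port-count threshold catches sweeps, and the flag signature catches scan types that never need many packets. Reported TTLs are raw observations; psad's passive OS fingerprinting compares them, together with IP ID, TOS and window size, against known stacks, which this example does not attempt.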
SNMPMonitor is a graphical tool for monitoring SNMP devices.
AstroFlowGuard Bandwidth & Security Management
AstroFlowGuard is a Linux-based bandwidth manager, stateful firewall, intrusion detection system, and VPN server. With its user-friendly interface, automatic failover, and smart recovery system, it is a complete tool for anyone wanting to manage bandwidth and network security. It uses a hierarchical class-based system which gives a logical, intuitive view of network classes along with their priorities. It can manage P2P applications such as Kazaa, and control the firewall and bandwidth by time of day, precedence, strings in any packet, and much more. Network problems can be diagnosed with reporting tools that drill down to IP, port, and protocol level with graphs and pie charts. It is a self-contained system, installed from a bootable CD and administered through a Web-based GUI.
OpenVPN
OpenVPN is a robust and highly configurable VPN (Virtual Private Network) daemon which can be used to securely link two or more private networks using an encrypted tunnel over the Internet. OpenVPN's principal strengths include wide cross-platform portability, excellent stability, support for dynamic IP addresses and NAT, adaptive link compression, single TCP/UDP port usage, a modular design that offloads most crypto tasks to the OpenSSL library, and relatively easy installation that in most cases doesn't require a special kernel module.
Snort IDScenter
Snort IDScenter is a GUI for Snort IDS on Windows platforms. Configuration and management of the IDS can be done using IDScenter. Main features are:
- Snort configuration wizard (variables, preprocessor plugins, output plugins, rulesets)
- Alert notification via e-mail, sound, or visual notification only
- Alert file monitoring (up to 10 files)
- MySQL alert detection
- Log rotation (compressed archiving of log files)
- AutoBlock (using NetworkICE BlackICE Defender you can block attackers' IPs that Snort logged)
- Integrated log viewer (supports text files, XML, and HTML/web pages)
- Program execution if an attack was detected
- Test configuration feature: fast testing of your IDS configuration
- and more.
LogIDS
LogIDS 1.0 is my latest tool and my personal contribution to the IDS field. I think that LogIDS will change the way people view intrusion detection, and may even redefine terms like "event correlation". LogIDS 1.0 is a real-time log-analysis-based intrusion detection system, or, since it can be fed with logs from other kinds of IDS, it can be seen as a mega-IDS. The graphical interface presents you with a representation of your network map, where each node (host or subnet) has its own little console window, in which the logs belonging to it can be displayed (depending on your rules). You specify the format of the log files you want to monitor, apply rules to these log files using field names you have previously defined, configure it to correspond to your environment, and that's it! Rules can display the fields you choose in the GUI, emit sounds for warnings or alerts, display icons pertaining to the actions depicted in the logs, or disregard the data if it contains nothing useful. You can use LogIDS with LogAgent as a log supplier, and monitor logs from varied sources such as, but not limited to, Event Viewer, ComLog, ADSScan, IntegCheck, LogAgent 4.0 Pro, Snort, personal firewalls, most antivirus products, Apache, and just about any other software that produces ASCII log files (with the notable exception of IIS).
Shell Intrusion Detection
SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries.