< Prev 1 2 3 4 5 6 7 8 9 10 11 Next >
Category: Intrusion Detection » Network
Tiny Honeypot (thp) is a simple honey pot program based on iptables redirects and an xinetd listener. It listens on every TCP port not currently in use, logging all activity and providing some feedback to the attacker. The responders are entirely written in Perl, and provide just enough interaction to fool most automated attack tools, as well as quite a few humans, at least for a little while. With appropriate limits (default), thp can reside on production hosts with negligible impact on performance.
labrea is a program that creates a "sticky honeypot" by taking over unused IP addresses on a network and creating virtual machines that answer to connection attempts. labrea answers those connection attempts in a way that causes the machine at the other end to get "stuck", sometimes for a very long time.
Instead of having one program perform file integrity checks, another program monitoring the connectivity and health of your network, and yet another monitoring your network for intrusion detection attempts, Demarc PureSecure combines all these services into one powerful client/server program. Not only can you monitor the status of the different machines in your network, but you can also respond to changes in your network all from one centralized location. Security is already a full time job in any network, and the burden of monitoring the reports from multiple programs across dozens of servers can result in information overload. The human mind can only process so much data at any given time before it simply becomes too much to analyze. Demarc PureSecure centralizes the reporting and analysis for the entire network which allows you to more easily weed out the important data from the superfluous background noise, thereby targeting your efforts where they really belong.
single-honeypot simulates many services like SMTP, HTTP, shell, and FTP. It can show many different faces, including those of Windows FTP systems, Windows SMTP systems, different Linux distributions, and some Posix distributions.
HenWen is a network security package for Mac OS X that makes it easy to configure and run Snort, a free Network Intrusion Detection System (NIDS). HenWen's goal is to simplify setting up and maintaining software that will scan network traffic for undesirable traffic a firewall may not block. Everything you need to have is bundled in; there is no compiling or command line use necessary. HenWen is available in English and German.
Poor Man's IDS
Poor Man's IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Instead of only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found (if anything).
WHArsenal is designed to be the next generation of professional web security audit software. Architected from the ground up to be a generic web application security productivity tool, WHArsenal gives security professionals and web developer's access to the tools they need to make the job securing web applications faster and easier. WHArsenal possesses a powerful suite of GUI-Browser based web security tools. These endowments make WHArsenal capable of completing painstaking web security pen-test work considerably faster and more effectively than any of the currently available tools.
Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capabilty, with alerts being sent to syslog, a seperate "alert" file, or as a WinPopup message via Samba's smbclient.
NetSPoc (Network Security Policy Compiler)
The Network Security Policy Compiler (NetSPoC) is a tool for security management of large computer networks with different security domains. It generates configuration files for packet filters controlling the borders of security domains. It provides its own language for describing security policy and the topology of a network. The security policy is a set of rules that state which packets are allowed to pass the network and which are not. NetSPoC is topology aware; a rule for traffic from A to B is automatically applied to all managed packet filters on the path from A to B.
Quarantine is yet another firewall that has masquerade, TOS, and experimental traffic-shaping features. It has a lot of options, but is quite easy to configure. It was formerly known as Netwall.
Browse by category