< Prev 1 2 3 4 5 Next >
Category: Auditing » Network » IDS
BENIDS is a pcap-based Network Intrusion Detection System for Linux. It uses its own XML rule file format which allows arbitrary, complex boolean matching conditions. It generates IDMEFv0.3 alert messages, and also supports fragment and TCP stream reassembly.
HenWen is a network security package for Mac OS X that makes it easy to configure and run Snort, a free Network Intrusion Detection System (NIDS). HenWen's goal is to simplify setting up and maintaining software that will scan network traffic for undesirable traffic a firewall may not block. Everything you need to have is bundled in; there is no compiling or command line use necessary. HenWen is available in English and German.
Tiger security tool
TIGER is a set of Bourne shell scripts, C programs, and data files which are used to perform a security audit of Unix systems. The security audit results are useful both for system analysis (security auditing) and for real-time, host-based intrusion detection.
Poor Man's IDS
Poor Man's IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Instead of only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found (if anything).
FIRE, the Forensic and Incident Response Environment, (formerly known as Biatchux) is a portable, bootable CD-ROM-based distribution providing an immediate environment for performing forensics analysis, data recovery, virus scanning, and pen-testing. It also provides the necessary tools for live forensics/analysis/incident response.
Tcpreplay is a tool to replay saved tcpdump files at arbitrary speeds. Many NIDSs fare poorly when looking for attacks on heavily-loaded networks. Tcpreplay allows you to recreate real network traffic from a real network for use in testing.
Fragrouter is a network intrusion detection evasion toolkit. It implements most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. This program was written in the hopes that a more precise testing methodology might be applied to the area of network intrusion detection, which is still a black art at best.
iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP and ICMP traffic. iplog 2.0 is a complete re-write of iplog 1.x, resulting in greater portability and better performance. iplog 2.0 contains all the features of iplog 1.x as well as several new ones. Major new features include a packet filter and detection of more scans and attacks. It currently runs on Linux, FreeBSD, OpenBSD, BSDI and Solaris. Ports to other systems, as well as any contributions at all, are welcome at this time.
This program is a daemon intended to catch someone installing a rootkit or running a packet sniffer. It is designed to run continually with a small footprint under an innocuous name. When triggered, it sends email, appends to a logfile, and disables networking or halts the system. it is designed to install with the minimum of disruption to a normal multiuser system, and should not require rebuilding with each kernel change or system upgrade.
IDES - Intrusion Detection Evasion System
Intrusion Detection Evasion System is a daemon that monitors connections, and forges additional packets to hide from and disturb network monitoring processes of IDS and sniffers. It does this by inserting rst/fin and ack packets with bogus payloads and invalid sequence numbers that only affect network monitors. It also sends a custom amount of SYN requests from arbitrary sources on every real connection attempt it sees, which can for example be used to simulate coordinated scans.
Browse by category