Category: System Security Management » Firewall
ekkoBSD Firewall is a full-featured operating system with security enhancements, a state tracking packet filter, and a NAT firewall. Its features include firewall traffic shaping, an FTP proxy, an authenticating gateway, a complete logging facility, easy management with the administration tool set, IP address pooling (common address redundancy), and a state log daemon.
Port Scan Attack Detector (psad)
Port Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, DShield reporting, and automatic blocking of offending IP addresses via dynamic configuration of iptables firewall rulesets. In addition, psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (SYN, FIN, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP ID, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate.
CheckPoint FW1 VPN Tools (fw1vpntools)
fw1vpntools is a set of nifty little helpers that can be used for monitoring and maintaining a VPN which is terminated with CheckPoint VPN-1 Firewalls.
Pacemaker is a dynamic rate-limiting script that watches network traffic and determines which machines are probably abusing your network. Pacemaker catches things like Windows worm scans, port scans, P2P network traffic, and anything else that tries to go beyond the normal number of connections a standard machine should use. The machine needs to abuse the network for two minutes before Pacemaker will mark the IP address to be rate-limited. A machine will stay marked for as many minutes as it has abused the network.