Category: Intrusion Detection » Network
Snort (Win32 Source)
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.
Shadow is a public domain software system currently in use protecting more than 14,000 hosts in the military and in commercial organizations. Developed by the Naval Surface Warfare Center, Dahlgren Division, it is a filter-based tool that separates the sensor from the analysis station in order to keep attackers in the dark about what is being filtered. Built on tcpdump and other public domain tools, and with hardware requirements under $10K, it provides a low-cost approach to advanced intrusion detection.
UNICORN (Unicos Realtime NADIR)
UNICORN is an expansion on the NADIR project. Unicorn will accept audit logs from Unicos (Cray Unix), Kerberos, and common file systems, then analyze them and attempt to detect intruders in real-time. Because Unicorn was designed for Kerberos and UNIX, the design can be applied to many other network configurations. Unicorn was presented at Supercomputing '95 in San Diego, CA.
KSniffer is a network statistics collector for the KDE environment. It allows a user to watch all network traffic over any network interface connected to the host machine. KSniffer supports most TCP/IP protocols (TCP, IP, UDP, ICMP, ARP and RARP, as well as minimal IPX). KSniffer collects the number of packets and number of bytes for each protocol, and displays the activity in terms of kbits/sec, kbytes/sec and packets/sec. KSniffer also lets you watch port-specific traffic for monitoring things like http, ftp and telnet.
Netmon is a compact, easy-to-use network information utility. It displays information pertaining to the IP, TCP, UDP and ICMP protocols. Its main purpose is viewing connections made using the TCP and UDP protocols from or to your computer. Its main advantages over the console-based version are the database of common trojan ports, the complete list of well-known ports, the user-configurable filters and the automatic hostname lookup.
RazorBack is a log analysis program that interfaces with the SNORT open source Intrusion Detection System to provide real time visual notification when an intrusion signature has been detected on the network. RazorBack is designed to work within the GNOME framework on Unix platforms.
Firestorm Firewall Monitor
Firestorm Firewall Monitor is a sister project of the Firestorm NIDS. It allows you to monitor your Linux ipchains firewall in real time. It utilises the Linux kernel firewall netlink device; be aware that this must be compiled into your kernel for it to work. Most recent Linux distros have it by default.
SnortSnarf is a Perl program that takes files of alerts from the free Snort Intrusion Detection System and produces HTML output intended for diagnostic inspection and tracking down problems. The model is that one uses a cron job or similar to produce a daily/hourly/whatever file of Snort alerts; this script can be run on each such file to produce a convenient HTML breakout of all the alerts. Recent changes: special handling of alerts from the Spade anomalous event sensor (a yet-to-be-released preprocessor that reports on low-probability packets); CIDR specification of networks for -homenet; Geektools as an IP lookup option; arachNIDS links generated even when IDS### is not at the start of the alert message; and a new SISR module, set_flags.pl, to summarize protocol flags, with corresponding details added to the example config file.
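As an added illustration of the job SnortSnarf does (this is example code written for this listing, not SnortSnarf's own Perl nor anything from the Snort project), the block below parses a file of alerts in Snort's single-line "fast" alert format, counts them per signature and per source address, pulls an IDS### reference out of the message wherever it appears to build an arachNIDS link, and renders a small HTML breakout. The alert lines are constructed samples, and the whitehats.com URL prefix is an assumption about the arachNIDS link scheme.

```python
"""Summarize a file of Snort fast-format alerts into a small HTML report.

Example code added to this listing; not part of SnortSnarf or Snort.
"""
import html
import re
from collections import Counter

# Constructed sample alerts in Snort's single-line ("fast") alert format; not a real capture.
# The last line is deliberately malformed to show that non-alert lines are skipped.
SAMPLE_ALERTS = """\
03/12-10:22:31.123456 [**] IDS128 - CVE-1999-0067 - CGI phf attempt [**] 192.168.1.5:3456 -> 10.0.0.1:80
03/12-10:22:35.000100 [**] WEB-MISC cgi-bin access - IDS128 [**] 192.168.1.5:3457 -> 10.0.0.1:80
03/12-10:23:02.445500 [**] spp_portscan: PORTSCAN DETECTED from 192.168.1.9 [**]
03/12-10:25:17.900000 [**] IDS181 - SHELLCODE x86 NOPs [**] 172.16.4.2:40211 -> 10.0.0.7:21
not an alert line at all
"""

# Assumed arachNIDS URL scheme (whitehats.com/info/IDS<number>).
ARACHNIDS_BASE = "http://www.whitehats.com/info/"

# timestamp [**] message [**] [src[:sport] -> dst[:dport]]
# Preprocessor alerts (e.g. spp_portscan) carry no address pair, so that part is optional.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?)?\s*$"
)
# arachNIDS reference anywhere in the message, not only at its start.
IDS_RE = re.compile(r"\bIDS(\d+)\b")


def parse_alert(line):
    """Return a dict for one fast-format alert line, or None if the line is not an alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    ids = IDS_RE.search(rec["msg"])
    rec["arachnids"] = ARACHNIDS_BASE + "IDS" + ids.group(1) if ids else None
    return rec


def summarize(text):
    """Count parsed alerts per signature message and per source address."""
    by_sig = Counter()
    by_src = Counter()
    parsed = 0
    for line in text.splitlines():
        rec = parse_alert(line)
        if rec is None:
            continue
        parsed += 1
        by_sig[rec["msg"]] += 1
        if rec["src"]:
            by_src[rec["src"]] += 1
    return {"parsed": parsed, "by_sig": by_sig, "by_src": by_src}


def to_html(summary):
    """Render the summary as an HTML breakout; messages are escaped so alert text cannot inject markup."""
    out = ["<html><body>", "<h2>Alerts by signature</h2>", "<table>",
           "<tr><th>Count</th><th>Signature</th><th>arachNIDS</th></tr>"]
    for msg, n in summary["by_sig"].most_common():
        ids = IDS_RE.search(msg)
        link = ""
        if ids:
            url = ARACHNIDS_BASE + "IDS" + ids.group(1)
            link = '<a href="%s">IDS%s</a>' % (html.escape(url), ids.group(1))
        out.append("<tr><td>%d</td><td>%s</td><td>%s</td></tr>" % (n, html.escape(msg), link))
    out += ["</table>", "<h2>Alerts by source</h2>", "<table>",
            "<tr><th>Count</th><th>Source</th></tr>"]
    for src, n in summary["by_src"].most_common():
        out.append("<tr><td>%d</td><td>%s</td></tr>" % (n, html.escape(src)))
    out += ["</table>", "</body></html>"]
    return "\n".join(out)


if __name__ == "__main__":
    print(to_html(summarize(SAMPLE_ALERTS)))
```

Pointing `summarize()` at the contents of a real alert file gives the same per-signature and per-source breakout that a cron-driven SnortSnarf run would; the escaping in `to_html()` matters because attacker-controlled payload fragments can end up inside alert messages.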
With the rapid development of networks worldwide, Intrusion Detection Systems have become an important part of the network infrastructure of small companies, average-size ISPs and even huge enterprises. As the network grows, scalability and ease of extension become the two important qualifications of a Network Intrusion Detection System (IDS). The purpose of SnortNet development is to bring these qualifications to snort, an OpenSource lightweight intrusion detection system. The SnortNet Distributed Intrusion Detection System (DIDS) developed in this project is a set of Unix-based program modules: sensors, a proxy daemon and a monitoring console designed to monitor network traffic, detect hostile activity, match detected patterns against a library of known attacks and pass log messages/alerts to a central node. The system is partly based on the OpenSource (GPL) network-based intrusion detection system snort and uses it as the sensor. The Internet Alert Protocol (IAP) has been selected as the protocol for exchanging alert information, which makes it possible to integrate the system with other host- and network-based intrusion detection systems. For optional data encryption, authentication and access control, the system uses the Secure Sockets Layer (SSL) and TCP wrapper libraries.
This bash script is a wrapper for the snort utility from www.snort.org. It installs, starts and stops snort in a chroot jail under an unprivileged user and group.