(Page 6 of 12)   < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >

Category: Intrusion Detection » Network

Snort (Win32 Source)
Added 2001-11-06
by Michael Davis , original code by Martin Roesch
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.

NSWC SHADOW
Added 2001-10-31
by Naval Surface Warfare Center, Dahlgren Division
Shadow is a public domain software system currently in use protecting more than 14,000 hosts in the military and in commercial organizations. Developed by the Naval Surface Warfare Center, Dahlgern Division, it is a filter-based tool that separates the sensor from the analysis station in order to keep attackers in the dark about what is being filtered. Built on tcpdump and other public domain tools, and with hardware requirements under $10K, it provides a low-cost approach to adanced intrusion detection.

UNICORN (Unicos Realtime NADIR)
Added 2001-10-22
by Los Alamos National Laboratory
UNICORN is an expansion on the NADIR project. Unicorn will accept audit logs from Unicos (Cray Unix), Kerberos, and common file systems, then analyze them and attempt to detect intruders in real-time. Because Unicorn was designed for Kerberos and UNIX, the design can be applied to many other network configurations. Unicorn was presented at Supercomputing '95 in San Diego, CA.

KSniffer
Added 2001-10-22
by Walter A. Boring IV, waboring@veracity.nu
KSniffer is a network statistics collector for the KDE environment. It allows a user to watch all network traffic over any network interfaces connected to the host machine. KSniffer supports most TCP/IP protocols, (TCP, IP, UDP, ICMP, ARP, RARP as well as minimal IPX). KSniffer collects the number of packets, and number of bytes for each protocol. It also displays the activity in terms of kbits/sec, kbytes/sec and packets/sec. KSniffer also lets you watch port specific traffic for monitoring things like http, ftp, telnet, etc. traffic.

Netmon
Added 2001-10-22
by Johan Samuelson
Netmon is a compact, easy-to-use network information utility. It displays information pertaining to the IP, TCP, UDP and ICMP protocols. It's main purpose is viewing connections made using TCP and UDP protocols from or to your computer. It's main advantages over the console based version, is the the database of common trojan ports, the complete list of well-known ports, the user configurable filters and the automatic hostname lookup.

RazorBack
Added 2001-10-22
by InterSect Alliance
RazorBack is a log analysis program that interfaces with the SNORT open source Intrusion Detection System to provide real time visual notification when an intrusion signature has been detected on the network. RazorBack is designed to work within the GNOME framework on Unix platforms.

Firestorm Firewall Monitor
Added 2001-10-22
by
Firestorm Firewall Monitor is a sister project of the firestorm NIDS. It allows you to monitor your linux ipchains firewall in real time. It utilises the linux kernel firewall netlink device. Be aware that you need to have this compiled in to your kernel to work. Most recent linux ditros have it by default.

SnortSnarf
Added 2001-10-22
by Stuart Staniford , James Hoagland and Joe
SnortSnarf is a Perl program to take files of alerts from the free Snort Intrusion Detection System, and produce HTML output intended for diagnostic inspection and tracking down problems. The model is that one is using a cron job or similar to produce a daily/hourly/whatever file of snort alerts. This script can be run on each such file to produce a convenient HTML breakout of all the alerts. Added special handling of alerts from the Spade anomalous event sensor, a yet to be released preprocessor that will report on low probability packets, CIDR specification of networks now supported for -homenet, Geektools now added as an IP lookup option, arachNIDS links are now generated even if IDS### is not at the start of the alert message, added new SISR module set_flags.pl to summarize protocol flags and added corresponding details to the example config file.

SnortNet
Added 2001-10-22
by Fyodor
With rapid development of networks worldwide Intrusion Detection Systems become an important part of network infrastructure in small companies, average-size ISPs and even huge enterprises. As the network grows, scalability and ease of extension become the two important qualifications of a Network Intrusion Detection System (IDS). The purpose of SnortNet development is to bring these qualifications to snort, an OpenSource lightweight intrusion detection system. The 'SnortNet' Distributed Intrusion Detection System (DIDS) developed in this project is a set of Unix-based program modules: sensors, a proxy daemon and a monitoring console designed to monitor network traffic, detect hostile activity, match detected patterns against library of known attacks and pass log messages/alerts to central node. The developed intrusion detection system is partly based on OpenSource (GPL) network based intrusion detection system named snort and uses this module as a sensor. The Internet Alert Protocol (IAP) has been selected as the protocol to be used for exchanging alert information which makes it possible to integrate the developed system with other host and network based intrusion detection systems. For optional data encryption, authentication and access control, the system uses Secure Sockets Layer (SSL) and TCP wrapper libraries.

snortstart
Added 2001-10-22
by zas, zas@norz.org
This bash script is a wrapper to snort utility from www.snort.org It aims to install, start and stop snort in a chroot jail under unprivileged user and group.

Search Tools
Keyword:
Platform:
Category:
Browse by category
Auditing
Log Analysis, Host, Passwords, Network, File Integrity, PSTN, Forensics, Backdoors, Source Code
Sniffers
Recovery
Passwords
Utilities
Passwords, Filesystem, Network, System, Compiler, Log Management, Usage Monitoring, Email
Authentication
One Time Passwords, User Authentication, Password Management, Web, Server, Certificates, Tokens
Intrusion Detection
Network, Host, Web, Evasion
Access Control
Network, Firewall, user privileges, RPC, Bootup, File System, Applications, Mandatory Access Control, Server, X-Windows, ACLs, Privileges
Replacement
Libraries, Applications
Programming
Libraries
Cryptography
Libraries, Random Numbers, Traffic Encryption, Data Encryption, Cryptoanalysis, Steganography, E-mail
Network Monitoring
Policy Enforcement
Web Access, Email
System Security Management
Accounts, Console, Windows NT, Firewall, Configuration, Filesystem, Linux, Solaris, Monitoring
Network Utilities
Tunneling, Miscellaneous, Monitoring
Rootkits
Secure Deletion
Hardening
Linux, FreeBSD, NT, Solaris
Hostile Code
Detection, Removal, Sandbox


 

Privacy Statement
Copyright 2010, SecurityFocus