Category: Intrusion Detection » Network

Snort (Win32 Source)
Added 2001-11-06
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user-specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.

NSWC SHADOW
Added 2001-10-31
Shadow is a public domain software system currently in use protecting more than 14,000 hosts in the military and in commercial organizations. Developed by the Naval Surface Warfare Center, Dahlgren Division, it is a filter-based tool that separates the sensor from the analysis station in order to keep attackers in the dark about what is being filtered. Built on tcpdump and other public domain tools, and with hardware requirements under $10K, it provides a low-cost approach to advanced intrusion detection.

UNICORN (Unicos Realtime NADIR)
Added 2001-10-22
UNICORN is an expansion on the NADIR project. Unicorn will accept audit logs from Unicos (Cray Unix), Kerberos, and common file systems, then analyze them and attempt to detect intruders in real time. Because Unicorn was designed for Kerberos and UNIX, the design can be applied to many other network configurations. Unicorn was presented at Supercomputing '95 in San Diego, CA.

KSniffer
Added 2001-10-22
KSniffer is a network statistics collector for the KDE environment.
It allows a user to watch all network traffic over any network interfaces connected to the host machine. KSniffer supports most TCP/IP protocols (TCP, IP, UDP, ICMP, ARP, RARP, as well as minimal IPX). KSniffer collects the number of packets and the number of bytes for each protocol. It also displays the activity in terms of kbits/sec, kbytes/sec and packets/sec. KSniffer also lets you watch port-specific traffic for monitoring things like HTTP, FTP, telnet, etc.

Netmon
Added 2001-10-22
Netmon is a compact, easy-to-use network information utility. It displays information pertaining to the IP, TCP, UDP and ICMP protocols. Its main purpose is viewing connections made using the TCP and UDP protocols from or to your computer. Its main advantages over the console-based version are the database of common trojan ports, the complete list of well-known ports, the user-configurable filters and the automatic hostname lookup.

RazorBack
Added 2001-10-22
RazorBack is a log analysis program that interfaces with the Snort open source intrusion detection system to provide real-time visual notification when an intrusion signature has been detected on the network. RazorBack is designed to work within the GNOME framework on Unix platforms.

Firestorm Firewall Monitor
Added 2001-10-22
Firestorm Firewall Monitor is a sister project of the Firestorm NIDS. It allows you to monitor your Linux ipchains firewall in real time. It utilises the Linux kernel firewall netlink device. Be aware that you need to have this compiled into your kernel for it to work. Most recent Linux distros have it by default.

Firestorm IDS
Added 2001-10-22
Firestorm is a very lightweight and flexible base for a hierarchical NIDS. It aims to be very fast and support many open protocols and formats. It will also support SQL integration, and all the other features a commercial system would offer.

Sentinel Security Toolkit
Added 2001-10-22
Sentinel is a fast file scanner similar to Tripwire or Viper, with built-in authentication using the RIPEMD 160-bit MAC hashing function. It uses a single database similar to Tripwire, maintains file integrity using the RIPEMD algorithm and also produces secure, signed logfiles. Its main design goal is to detect intruders modifying files. It also prevents intruders with root/superuser permissions from tampering with its log files and database. Disclaimer: this is not a security toolkit. It is a single-purpose file/drive scanning program. Available versions are for Linux (tested on all current Slackware and RedHat releases), with Irix versions soon to be added.

IPtrap
Added 2001-10-22
IPtrap listens on several TCP ports to simulate fake services (X11, NetBIOS, DNS, etc.). When a remote client connects to one of these ports, its IP address is immediately firewalled and an alert is logged. It runs with iptables and ipchains, but any external script can also be launched. IPv6 is supported.