Category: Intrusion Detection

Sentry Firewall CD-ROM
Added 2004-04-30
Sentry Firewall CD-ROM Version 1.0 is a Linux-based bootable CD-ROM suitable for use as an inexpensive and easy-to-maintain firewall or IDS (Intrusion Detection System) node. The system is designed to be immediately configurable for a variety of operating environments via a configuration file located on a floppy disk or a local hard drive.

OSIRIS
Added 2004-04-27
Osiris is a host integrity management system that can be used to monitor changes to a network of hosts over time and report those changes back to the administrator(s). Currently, this includes monitoring any changes to the filesystems. Osiris takes periodic snapshots of the filesystem and stores them in a database. These databases, as well as the configurations and logs, are all stored on a central management host. When changes are detected, Osiris logs these events to the system log and optionally sends email to an administrator. In addition to files, Osiris has preliminary support for monitoring other system information, including user lists, file system details, kernel modules, and network interface configurations (not included in this beta release).

Snort Alert Monitor
Added 2004-03-24
SAM is a real-time Snort alert monitor. It provides many ways to indicate that you may be experiencing an intrusion attempt on your network, including audio/visual warnings, email warnings, etc.

Rule-based Intrusion Detection System 1.0 (Default)
Added 2004-03-05
RIDS is a machine-learning, rule-based intrusion detection system for Linux.

Big Brother
Added 2004-01-06
Big Brother is a combination of monitoring methods. Unlike SNMP, where information is simply collected and devices polled, Big Brother is designed so that each local system broadcasts its own information to a central location. Simultaneously, Big Brother also polls all networked systems from a central location. This creates a highly efficient and redundant method for proactive network monitoring.

I-AM-DOH
Added 2004-01-06
IAMDOH is a tool designed to increase the reliability of an IDS by reducing the number of false positives. It uses existing reliable tools such as Nmap, Nessus, and Amap to validate IDS alerts based on the following criteria and techniques: OS identification, service identification, port scanning, vulnerability scanning, online CVE and bug interpretation, and server importance weighting. It only works with Snort at the moment.

Port Scan Attack Detector (psad)
Added 2003-12-29
Port Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and C that are designed to work with the Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided); verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options; email alerting; DShield reporting; and automatic blocking of offending IP addresses via dynamic configuration of iptables firewall rulesets. In addition, psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (SYN, FIN, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP ID, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate.

Mod_security
Added 2003-12-23
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded in the web server, acting as a powerful umbrella that shields applications from attacks. ModSecurity supports Apache (both branches) today, with support for Java-based servers coming soon.

SNMPMonitor
Added 2003-12-23
SNMPMonitor is a graphical tool for monitoring SNMP devices.

fupids
Added 2003-12-09
fupids (the fuzzy user-profile intrusion detection system) is a user-profile-based IDS for the OpenBSD kernel. It modifies certain syscalls in order to detect suspicious behavior. For example, it watches for network devices being set to promiscuous mode, and for the creation of listen() sockets by users. fupids also maintains a program profile for your local users, and it can find attackers who take over existing accounts.