Category: Intrusion Detection » Network

Prelude
Added 2001-10-22
Prelude is a Network Intrusion Detection system. It is composed of the Prelude and Prelude Report programs. The first is for packet capture and data analysis; the second is for reporting attacks in a user-readable form. Other important and current features of Prelude are an IP defragmentation stack and detection plugins with persistent state.

TraceDet
Added 2001-10-22
TraceDet is a Traceroute Detector for Windows NT. It detects and logs when somebody traceroutes to your host. The idea is that when somebody traces to your host, you receive IP packets with a TTL value equal to 1, so TraceDet looks out for such packets. Requires WinPCAP Drivers.

arirang
Added 2001-10-22
arirang is a powerful webserver security scanner with support for:
- operating system detection
- flexible scan rule databases
- scan list file
- http port
- wide network (IP range) scan
- wide network webserver type scan
- patch information
- http request injection
- virtual host scan
- fast scan
- the latest (~2001/05/25) WWW vulnerabilities (over 700 checks)

Tamandua Network Intrusion Detection
Added 2001-10-22
Main features: Distributed sensors; Centralized console; Multi-layered signatures; Session-based network analysis; Multi-threaded packet capture; De-Fragmented packets analysis; Human readable signatures; Packet save session database; Convert your personal snort signs; Easy-to-install, Easy-to-use.

SnortSnarf
Added 2001-10-22
SnortSnarf is a Perl program that takes files of alerts from the free Snort Intrusion Detection System and produces HTML output intended for diagnostic inspection and tracking down problems. The model is that one uses a cron job or similar to produce a daily/hourly/whatever file of snort alerts. This script can be run on each such file to produce a convenient HTML breakout of all the alerts.
Added special handling of alerts from the Spade anomalous event sensor, a yet-to-be-released preprocessor that will report on low-probability packets; CIDR specification of networks is now supported for -homenet; Geektools has been added as an IP lookup option; arachNIDS links are now generated even if IDS### is not at the start of the alert message; added the new SISR module set_flags.pl to summarize protocol flags, with corresponding details in the example config file.

SnortNet
Added 2001-10-22
With the rapid development of networks worldwide, intrusion detection systems have become an important part of network infrastructure in small companies, average-size ISPs and even huge enterprises. As the network grows, scalability and ease of extension become the two important qualifications of a Network Intrusion Detection System (IDS). The purpose of SnortNet development is to bring these qualifications to snort, an OpenSource lightweight intrusion detection system.

The 'SnortNet' Distributed Intrusion Detection System (DIDS) developed in this project is a set of Unix-based program modules: sensors, a proxy daemon and a monitoring console designed to monitor network traffic, detect hostile activity, match detected patterns against a library of known attacks and pass log messages/alerts to a central node. The system is partly based on the OpenSource (GPL) network-based intrusion detection system named snort and uses this module as a sensor.

The Internet Alert Protocol (IAP) has been selected as the protocol for exchanging alert information, which makes it possible to integrate the developed system with other host- and network-based intrusion detection systems. For optional data encryption, authentication and access control, the system uses Secure Sockets Layer (SSL) and TCP wrapper libraries.

snortstart
Added 2001-10-22
This bash script is a wrapper for the snort utility from www.snort.org. It aims to install, start and stop snort in a chroot jail under an unprivileged user and group.

iplogled
Added 2001-10-22
IP logger via your keyboard LEDs. It logs raw packets at the device driver (OSI Layer 2) level. It notifies on ICMP, UDP and TCP packets.

snort.panel
Added 2001-10-22
A very useful Windows-based utility for managing, controlling, and monitoring the Snort IDS.

SIDEN
Added 2001-10-22
SIDEN is a distributed network discovery tool used for intrusion detection research. The current SIDEN architecture allows you to simulate coordinated/distributed network probes by a group of attackers, against one target or many targets. The point is to generate the traffic caused by distributed network probes so that it can be analyzed to better understand such probes. This will hopefully help us to improve how Intrusion Detection Systems are written.