
Category: Intrusion Detection » Network

Snorticus
Added 2001-10-22
by Paul Ritchey
Snorticus is a collection of useful scripts that are used to support the automatic retrieval and processing of collected Snort data from multiple sensors. The basic concept is to have multiple sensors deployed that collect data. That data is 'wrapped up' once an hour and pulled back to a box that is used to further analyze the collected data (SnortSnarf) and then is used by analysts to view it via a web interface. Snorticus gives you the ability to manage not only data from multiple sites, but also the ability to monitor multiple subnets at a time with the same sensor (accomplished by launching multiple instances of Snort on the same sensor). While individual sensor data (or 'site' data) is kept separated, if a sensor is monitoring multiple subnets, that data will be automatically combined down so that those multiple Snort instances monitoring multiple subnets on the same sensor appear as one. Snorticus supports sites across time zones - it detects the proper date/time it should retrieve from the sensor so that all data residing on the analyst box is at most 1 hour old.

SPADE (Statistical Packet Anomaly Detection Engine)
Added 2001-10-22
by Jim Hoagland and Stuart Staniford
SPADE stands for the Statistical Packet Anomaly Detection Engine. It is a Snort preprocessor plugin which sends alerts of anomalous packets through standard Snort reporting mechanisms. Please consider this to be experimental, though it has worked well for us.

snort2html
Added 2001-10-22
by Daniel Swan, swan_daniel@hotmail.com
snort2html converts Snort Intrusion Detection System logs into HTML.

Atelier Web Security Port Scanner
Added 2001-10-22
by Jose Pascoa, japp@atelierweb.com
AWSPS features a very comprehensive set of tools, some of them unique, for in-depth assessment of Network Security:
* High-speed TCP Connect scanning engine, with adjustable maximum number of simultaneously opened ports and no-connection time-out adjustment.
* High-speed TCP Syn scanning engine for Windows 2000 platforms with TCP/IP and ICMP packet capture, report on Open/Retransmits, Close, Filtered ports, ICMP packet decoding and much more.
* Fast reliable UDP Port scanner with intelligent test probing of ports to confirm whether the host is up.
* State-of-the-art NetBIOS scanner (AWSPS Professional only).
* Unique Mapping of Ports to applications feature (Ports Finder).
* Local Connections and Listening Ports instant report.
* Local TCP, UDP and ICMP statistics instant report.
* Local Active Routes, DNS Servers and Persistent Routes.
* Local IP Statistics/Settings instant report.
* Local Transport Protocols/Winsock Service Providers list and details.
* Local Addressing information table.
* Local Net to media information table.
* Local Interfaces Statistics/Settings instant report.
* Local Network related Local Registry settings.
* Comprehensive Local Area Network information, including NetBIOS Names, LANA, Shares, Security Information, Groups/Users and running Services.
* The most complete TCP/UDP ports database.
* Full-featured Time synchronizer according to SNTP (RFC 1769), TIME TCP (RFC 868) and TIME UDP (RFC 868).

IDSwakeup
Added 2001-10-22
by Stéphane Aubert
The main goal of IDSwakeup is to generate false attacks that mimic well-known ones, in order to see if a NIDS detects them and generates false positives.

solpromisc
Added 2001-10-22
by User Datagram Protocol
This is a kernel module which you can load to detect attempts to put devices into promiscuous mode from user space via DLPI (e.g. solsniff, tcpdump, anything pcap based). It dumps the cred struct for the process, and the driver responsible, to the dmesg output buffer for collection by syslog. Read the source, please.

Firestorm IDS
Added 2001-10-22
by Gianni Tedesco, scaramanga@barrysworld.com
Firestorm is a very lightweight and flexible base for a hierarchical NIDS. It aims to be very fast and support many open protocols and formats. It will also support SQL integration, and all the other features a commercial system would offer.

KSniffer
Added 2001-10-22
by Walter A. Boring IV, waboring@veracity.nu
KSniffer is a network statistics collector for the KDE environment. It allows a user to watch all network traffic over any network interfaces connected to the host machine. KSniffer supports most TCP/IP protocols (TCP, IP, UDP, ICMP, ARP, RARP, as well as minimal IPX). KSniffer collects the number of packets and number of bytes for each protocol. It also displays the activity in terms of kbits/sec, kbytes/sec and packets/sec. KSniffer also lets you watch port-specific traffic for monitoring things like http, ftp, telnet, etc.

Py-Libpcap
Added 2001-10-22
by Aaron Rhodes
This module allows Python functions to process packets captured with the libpcap library (used by tcpdump and many other packages). It currently runs on Linux.

IP Logger
Added 2001-10-22
by Odin
iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP and ICMP traffic. Adding support for other protocols should be relatively easy. iplog contains a built-in packet filter, allowing for logging or excluding packets that fit a given set of criteria.

Copyright 2009, SecurityFocus