Category: Intrusion Detection » Network

IDS Alert Script for FW-1
Added 2001-10-22
Flexible network based IDS script for CheckPoint Firewall-1 installations. Build Intrusion Detection into your firewall. Features include:
- Automated alerting, logging, and archiving
- Automated blocking of attacking source
- Automated identification and email remote site
- Installation and test script
- Fully configurable
Ver 1.3: Optimized for performance, over 50% speed increase.

Slinux
Added 2001-10-22
Slinux is a modular Redhat security enhancement suite, which comes with its own kernel. Its main goal is to make things as modular as possible, whether you want to run your services in a secured environment or perhaps turn your workstation into a powerful network monitoring station/intrusion detector.

Fragrouter
Added 2001-10-22
Fragrouter is a network intrusion detection evasion toolkit. It implements most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. This program was written in the hopes that a more precise testing methodology might be applied to the area of network intrusion detection, which is still a black art at best.

Minga network data recorder
Added 2001-10-22
The purpose of the Minga network data recorder is to monitor daemon traffic on a certain machine (or a set of machines). It accomplishes this by replacing normal daemons and/or servers with a set of scripts that emulate normal activity of these servers. While they interact with the clients, they record all traffic sent to the daemons. This is useful because on machines that normally don't run these daemons, you can see if anyone is attempting to use them anyway. You can analyse whether these attempts are malicious in nature or are 'friendly'.

K-Arp-Ski
Added 2001-10-22
K-Arp-Ski is a project that started with the intention of being a simple network mapper and misuse detector. It has since turned into a decent sniffer with a Gtk interface.

jail
Added 2001-10-22
jail (Just Another IP Logger) consists of two small programs (icmplog and tcplog) which run in the background, logging the reception of ICMP and TCP packets to the system log. The level at which any packet is logged is completely configurable. This is a useful network monitoring tool, and can help to detect attempted denials of service.

Autobuse
Added 2001-10-22
Autobuse is a script G. Taylor wrote to identify probes and the like in logfiles and automatically report them via email. This is, in a way, the opposite of logcheck, in that autobuse tries to identify known badness and deal with it automatically, while logcheck tries to identify known goodness and leave you with the rest. Autobuse is not a substitute for proper vigilance; it is merely an effort to automatically handle the fallout from script kiddies.

Courtney
Added 2001-10-22
Courtney is an "ids" system, which monitors for SATAN probes and attacks. It receives its input from tcpdump, counting the number of new services a machine originates within a time window. If the threshold is exceeded by a host, it is flagged as a potential SATAN host.

iplogger-ident
Added 2001-10-22
iplogger is a simple program to log tcp connections, and icmp packets, to the syslog service. It also makes some rudimentary ftp bounce attack checks. Upon the creation of a connection, a message will be logged detailing the time, the source host, and the destination service. If the 'ident' service is available (RFC1413), the name of the user establishing the connection will also be logged.

Emergency Audit Response System
Added 2001-10-22
EARS (Emergency Audit Response System) is an intrusion detection system which responds to abnormal system, user and network behaviors in real time, in a distributed manner. EARS are distributed agents which reside on the end point, monitoring the host, and reporting activities to their peers.