
Category: Intrusion Detection » Network

Added 2001-10-22
by Whoix Dump
IP logger via your keyboard LEDs. It logs raw packets at the device driver (OSI Layer 2) level. It notifies on ICMP, UDP, and TCP packets.

Added 2001-10-22
by Xato Network Security, Inc
A very useful Windows-based utility for managing, controlling, and monitoring the Snort IDS.

Added 2001-10-22
by Lawrence Teo, lawrenceteo@usa.net
SIDEN is a distributed network discovery tool used for intrusion detection research. The current SIDEN architecture allows you to simulate coordinated/distributed network probes by a group of attackers. Using it, you can simulate such probes against one target or many targets. The point of this is to generate the traffic caused by distributed network probes, so that it can be analyzed for better understanding of distributed network probes. This will hopefully help us to improve how Intrusion Detection Systems are written.

Added 2001-10-22
by Paul Ritchey
Snorticus is a collection of useful scripts that are used to support the automatic retrieval and processing of collected Snort data from multiple sensors. The basic concept is to have multiple sensors deployed that collect data. That data is 'wrapped up' once an hour and pulled back to a box that is used to further analyze the collected data (SnortSnarf) and then is used by analysts to view it via a web interface. Snorticus gives you the ability to manage not only data from multiple sites, but also the ability to monitor multiple subnets at a time with the same sensor (accomplished by launching multiple instances of Snort on the same sensor). While individual sensor data (or 'site' data) is kept separated, if a sensor is monitoring multiple subnets, that data will be automatically combined down so that those multiple Snort instances monitoring multiple subnets on the same sensor appear as one. Snorticus supports sites across time zones: it detects the proper date/time it should retrieve from the sensor so that all data residing on the analyst box is at most 1 hour old.

SPADE (Statistical Packet Anomaly Detection Engine)
Added 2001-10-22
by Jim Hoagland and Stuart Staniford
SPADE stands for the Statistical Packet Anomaly Detection Engine. It is a Snort preprocessor plugin which sends alerts of anomalous packets through standard Snort reporting mechanisms. Please consider this to be experimental, though it has worked well for us.

Added 2001-10-22
by Daniel Swan, swan_daniel@hotmail.com
snort2html converts Snort Intrusion Detection System logs into HTML.

Atelier Web Security Port Scanner
Added 2001-10-22
by Jose Pascoa, japp@atelierweb.com
AWSPS features a very comprehensive set of tools, some of them unique, for in-depth assessment of Network Security:
* High-speed TCP Connect scanning engine, with adjustable maximum number of simultaneously opened ports and no-connection time-out adjustment.
* High-speed TCP Syn scanning engine for Windows 2000 platforms with TCP/IP and ICMP packet capture, report on pen/Retransmits, Close, Filtered ports, ICMP packet decoding and much more.
* Fast reliable UDP Port scanner with intelligent test probing of ports to confirm whether the host is up.
* State-of-the-art NetBIOS scanner (AWSPS Professional only).
* Unique Mapping of Ports to applications feature (Ports Finder).
* Local Connections and Listening Ports instant report.
* Local TCP, UDP and ICMP statistics instant report.
* Local Active Routes, DNS Servers and Persistent Routes.
* Local IP Statistics/Settings instant report.
* Local Transport Protocols/Winsock Service Providers list and details.
* Local Addressing information table.
* Local Net to media information table.
* Local Interfaces Statistics/Settings instant report.
* Local Network related Local Registry settings.
* Comprehensive Local Area Network information, including NetBIOS Names, LANA, Shares, Security Information, Groups/Users and running Services.
* The most complete TCP/UDP ports database.
* Full-featured Time synchronizer according to SNTP (RFC 1769), TIME TCP (RFC 868) and TIME UDP (RFC 868).

Added 2001-10-22
by Stéphane Aubert,
The main goal of IDSwakeup is to generate false attacks that mimic well-known ones, in order to see if NIDS detects them and generates false positives.

Added 2001-10-22
by User Datagram Protocol
This is a kernel module which you can load to detect attempts to put devices into promiscuous mode from user space via DLPI (e.g. solsniff, tcpdump, anything pcap based). It dumps the cred struct for the process, and the driver responsible, to the dmesg output buffer for collection by syslog. Read the source, please.

Added 2001-10-22
by sourceforge
Hogwash is designed to take out 95% of the stock attacks all the kiddies throw at your network. Hogwash lives inline like a firewall, but it works differently. Instead of closing ports like a traditional firewall, it drops or modifies specific packets based on a signature match. Hogwash lives directly on top of the network driver, so it doesn't require an IP stack to work. It stops attacks that can't be blocked by a traditional firewall and can be used to protect systems that are unpatchable for one reason or another. The signature matching engine is based on Snort.

Copyright 2010, SecurityFocus