Category: Intrusion Detection
LogAgent 4.0 Open Source is the latest version of the popular log monitoring software. It now also monitors Event Viewer logs, and you can send the output to the printer. You can also specify NULL directories for greater flexibility, and append the time and date along with IP, hostname and username. It ships with 2 standalone companion programs, ADSScan (an alternate data stream scanner) and the combo HashGen and Integcheck (an MD5-SHA1 file system integrity checker, or HIDS), both free and Open Source.
Shell Intrusion Detection
SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries.
Tiny Honeypot (thp) is a simple honey pot program based on iptables redirects and an xinetd listener. It listens on every TCP port not currently in use, logging all activity and providing some feedback to the attacker. The responders are entirely written in Perl, and provide just enough interaction to fool most automated attack tools, as well as quite a few humans, at least for a little while. With appropriate limits (default), thp can reside on production hosts with negligible impact on performance.
The Viper IDS is an IDS sensor that can be used stand-alone or as an add-on to the Wolverine Firewall and VPN server. It can log all alert information to a remote MySQL database that can be analyzed by applications such as ACID, or can be used with Wolverine to provide real-time responses to potential threats by dynamically adjusting perimeter firewall rule sets. It uses Snort for attack signature detection.
labrea is a program that creates a "sticky honeypot" by taking over unused IP addresses on a network and creating virtual machines that answer to connection attempts. labrea answers those connection attempts in a way that causes the machine at the other end to get "stuck", sometimes for a very long time.
Instead of having one program perform file integrity checks, another program monitoring the connectivity and health of your network, and yet another monitoring your network for intrusion attempts, Demarc PureSecure combines all these services into one powerful client/server program. Not only can you monitor the status of the different machines in your network, but you can also respond to changes in your network, all from one centralized location. Security is already a full-time job in any network, and the burden of monitoring the reports from multiple programs across dozens of servers can result in information overload. The human mind can only process so much data at any given time before it simply becomes too much to analyze. Demarc PureSecure centralizes the reporting and analysis for the entire network, which allows you to more easily weed out the important data from the superfluous background noise, thereby targeting your efforts where they really belong.
single-honeypot simulates many services like SMTP, HTTP, shell, and FTP. It can show many different faces, including those of Windows FTP systems, Windows SMTP systems, different Linux distributions, and some POSIX distributions.
FCHECK is a very stable Perl script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done in as little as one-minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely available open-source alternative to 'tripwire' that is time-tested, and is easier to configure and use.
HenWen is a network security package for Mac OS X that makes it easy to configure and run Snort, a free Network Intrusion Detection System (NIDS). HenWen's goal is to simplify setting up and maintaining software that will scan network traffic for undesirable traffic a firewall may not block. Everything you need to have is bundled in; there is no compiling or command line use necessary. HenWen is available in English and German.
SnortCenter is a Web-based Snort management module. It can handle multiple remote sensors. You can manage and edit the Snort config and rule files, and auto-update with the latest rules without altering your own modifications.