Projects tagged ‘ids’


[50 total ]

52 Users
   

Snort® is an open source network intrusion prevention and detection system using a flexible rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry.
Created over 3 years ago.

11 Users

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
Created over 2 years ago.

6 Users

Prelude is a Hybrid IDS framework, that is, a product that enables all available security applications, whether open source or proprietary, to report to a centralized system. In order to achieve this task, Prelude relies on the IDMEF (Intrusion Detection Message Exchange Format) IETF standard, which enables different kinds of sensors to generate events using a unified language. Prelude benefits from its ability to find traces of malicious activity from different sensors (Snort, honeyd, Nessus Vulnerability Scanner, Samhain, over 30 types of system logs, and many others) in order to better verify an attack and, in the end, to perform automatic correlation between the various events. Prelude is committed to providing a Hybrid IDS that offers the ability to unify currently available tools.
Created over 3 years ago.

6 Users
   

Vyatta software is a Linux-based, open networking (advanced routing & security) solution that leverages x86 hardware and components to deliver a flexible, affordable alternative to Cisco 1800 through 7200 series routers. Vyatta is an enterprise-class, commercial open source offering that can deliver BGP, OSPF, RIP routing, firewall, IPSec and SSL VPN, Intrusion Prevention and more, and that can scale from the branch office to the service provider edge for a fraction of the cost of proprietary alternatives. Being software-based also allows Vyatta to deliver a full suite of Layer-3 routing and security services to VMware and Xen virtualization platforms.
Created over 2 years ago.

4 Users
   

IPFire is a newly developed firewall built with the latest releases of Linux 2.6 and tools. You are able to install a lot of add-ons, and you will see that a firewall can become a home server.
Created about 1 year ago.

3 Users

Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious activity. Bro detects intrusions by first parsing network traffic to extract its application-level semantics and then executing event-oriented analyzers that compare the activity with patterns deemed troublesome. Its analysis includes detection of specific attacks (including those defined by signatures, but also those defined in terms of events) and unusual activities (e.g., certain hosts connecting to certain services, or patterns of failed connection attempts).
Created 10 months ago.

2 Users

scanlogd is a TCP port scan detection tool, originally designed to illustrate various attacks an IDS developer has to deal with, for a Phrack Magazine article. Thus, unlike some of the other port scan detection tools out there, scanlogd is designed to be totally safe to use. scanlogd supports several packet capture interfaces: the raw socket interface on Linux (which does not require any libraries), libnids, and libpcap.
Created over 3 years ago.

1 Users

PacketFu is a mid-level, cross-platform packet manipulation library for Ruby, allowing for easy Layer 4 and below packet creation and parsing. It requires: Ruby (1.8.6 or later), PcapRub (0.8-dev or later), and BinData (0.9.3 or later). Both PcapRub and BinData are distributed as part of the PacketFu distro. PacketFu is also itself packaged with Metasploit for packet crafting goodness.
Created about 1 year ago.

0 Users

Anomaly-based intrusion detection is supposed to be able to defend against zero-day attacks. However, due to high false positives, current anomaly detection approaches mostly remain in the research phase rather than becoming practical products. The purpose of this project is to put the most recent academic research results on anomaly-based network intrusion detection into a practical product on the Windows platform. The following list gives the expectations for the project: a kernel-level NIDS product (similar to Norton antivirus software); a plug-in method for any 3rd-party detection approaches; compatibility with Snort IDS rules.
Created about 1 year ago.

0 Users

repache replays previously recorded Apache webserver logfiles. The big advantage of repache is its realistic treatment of source IP addresses. It spoofs the IP addresses of the logfile in order to have a very realistic simulation. The purpose of this is to test webservers with country/IP-specific behavior and intrusion detection/prevention systems under realistic conditions. In order to spoof TCP connections, repache's TCP stack needs to listen on the network interface for reply packets, which is why all packets must be routed to the host running repache. This usually means that a dedicated test environment has to be used. A demo video of repache in action can be found here.
Created about 1 year ago.