Projects tagged ‘ids’ and ‘security’

Snort® is an open source network intrusion prevention and detection system using a flexible rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is ... [More] the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry. [Less]

Vyatta software is a Linux-based, open-source networking (router, firewall, VPN) solution that leverages x86 hardware and components to deliver a flexible, affordable alternative to Cisco 1800 through 7200 series routers. Vyatta is a enterprise class, commercial open source offering with a staff of full-time engineers and support personnel.

Prelude is an Hybrid IDS framework, that is, it is a product that enable all available security application, be it opensource or proprietary, to report to a centralized system. In order to achieve this task, Prelude relies on the IDMEF (Intrusion ... [More] Detection Message Exchange Format) IETF standard, that enables different kinds of sensors to generate events using an unified language. Prelude benefits from its ability to find traces of malicious activity from different sensors (Snort, honeyd, Nessus Vulnerability Scanner, Samhain, over 30 types of systems logs, and many others) in order to better verify an attack and in the end to perform automatic correlation between the various events. Prelude is commited to providing an Hybrid IDS that offers the ability to unify currently available tools. [Less]

IPFire is new-developed firewall build with the latest releases of linux 2.6 and tools. You are able to install a lot of addons and you will see a firewall can become a home server.

scanlogd is a TCP port scan detection tool, originally designed to illustrate various attacks an IDS developer has to deal with, for a Phrack Magazine article. Thus, unlike some of the other port scan detection tools out there, scanlogd is designed ... [More] to be totally safe to use. scanlogd supports several packet capture interfaces: the raw socket interface on Linux (which does not require any libraries), libnids, and libpcap. [Less]

PacketFuPacketFu is a mid-level packet manipulation library for Ruby. Bullets"Yet Another Packet Factory" "An IDS in Five Lines or Less" "Irb is the new Hping" RequirementsRuby (1.8.6 or later) PcapRub (0.8-dev or later) BinData (0.9.2-eofpatch ... [More] or later) PcapRub is best served from the Metasploit svn repository. BinData is provided as part of the current PacketFu distribution. DownloadClick the download link to start creating and parsing packets natively in Ruby. But if I were you, I'd stick to the SVN links instead. I hardly ever break the tree, and I'm slow on upping version numbers. InstallUncompress using your favorite archive manager Copy the contents to your Ruby path, or run (as root) ruby install.rb Note, if you already have a version of BinData installed, this will blow it away. Will be fixed soon. Other StuffYou know how the Phantom of the Carnival was really Old Man Whithers? Scooby, a honeypot demasker, is like that. Scooby is an example application using the PacketFu library. It's also not written yet, but that won't stop me from talking about it in the present tense. PacketFu (for Ruby) has no connection to the folks at packetfu.org. SpellingSometimes it's spelled "Packet-Fu," but it's difficult to get a hyphen in a module name, so I usually spell it PacketFu. [Less]

PerlIDS (CGI::IDS) is a Perl website intrusion detection system based on PHPIDS http://php-ids.org/. It parses any hashref for possible attacks, so it does not depend on CGI.pm. The intrusion detection is based on a set of converters that convert ... [More] the request according to common techniques that are used to hide attacks. These converted strings are checked for attacks by running a filter set of currently 68 regular expressions. For easily keeping the filter set up-to-date, PerlIDS is compatible to the original XML filter set of PHPIDS, which is frequently updated. [Less]

libemu is a small library written in c offering basic x86 emulation and shellcode detection using GetPC heuristics. Intended use is within network intrusion/prevention detections and honeypots.