Projects tagged ‘intrusion’

Snort® is an open source network intrusion prevention and detection system using a flexible rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection ... [More] methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry. [Less]

Prelude is an Hybrid IDS framework, that is, it is a product that enable all available security application, be it opensource or proprietary, to report to a centralized system. In order to achieve ... [More] this task, Prelude relies on the IDMEF (Intrusion Detection Message Exchange Format) IETF standard, that enables different kinds of sensors to generate events using an unified language. Prelude benefits from its ability to find traces of malicious activity from different sensors (Snort, honeyd, Nessus Vulnerability Scanner, Samhain, over 30 types of systems logs, and many others) in order to better verify an attack and in the end to perform automatic correlation between the various events. Prelude is commited to providing an Hybrid IDS that offers the ability to unify currently available tools. [Less]

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. ... [More] It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. [Less]

scanlogd is a TCP port scan detection tool, originally designed to illustrate various attacks an IDS developer has to deal with, for a Phrack Magazine article. Thus, unlike some of the other port ... [More] scan detection tools out there, scanlogd is designed to be totally safe to use. scanlogd supports several packet capture interfaces: the raw socket interface on Linux (which does not require any libraries), libnids, and libpcap. [Less]

Remote monitoring of home power presence - remote intrusion detection system By means of monitoring battery charger status (connected or not), this program allows knowing if home power grid is ... [More] working or not, and it sends an SMS in case of power failure. By inserting the charger into a circuit which monitors doors/windows for opening, the SMS can be triggered by doors/windows opening. Program written in Pys60 and tested on nokia 6600/6680. [Less]

WebSpidah is a tactical WASS (Web Application Security Scanner) written in PHP. It has an interactive shell as a user interface, much like the MSF, and a modularized, XML-based, vulnerability recon ... [More] system. WebSpidah is released under the GPL license. [Less]

- clear reports of network intrusions. - filter by date, IP, port, signature, etc. - easy to install. Just set the MySQL password. - configurable for best performance. - self-contained - no graphing ... [More] libs needed. - can easily delete false positives - provides ARIN whois lookups. - provides ASCII and Hex views of payload. - helps you configure Snort to block or limit noisy rules. [Less]

IntroductionWebsiteCDS is a script that goes through your entire web folder and detects any changes to code made. You can use this code to detect changes and send you an email alert if the codebase ... [More] has changed. DetailsPlease see full details of the project here http://www.webdigi.co.uk/blog/2009/how-to-detect-if-your-webserver-is-hacked-and-get-alerted Download the code PHP version 1 from here http://websitecds.googlecode.com/files/websitecds%20version1.zip [Less]

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters ... [More] any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session. PHPIDS enables you to see who’s attacking your site and how and all without the tedious trawling of logfiles or searching hacker forums for your domain. Last but not least it’s licensed under the LGPL! This is a PHP4 port of the PHP5-only PHPIDS from http://www.php-ids.org/ [Less]