Community-supported view of Intrusion Detection and Intrusion Prevention Systems. Focus on open source technologies, methods, and data analysis related to IDS/IPS. 1. ACID (Analysis Console for Intrusion Databases) - Powerful PHP-based data analysis tool for network security events captured by many common IDS tools, including snort and tcpdump. 2. Advanced Intrusion Detection Environment - AIDE is a file integrity checker that supports regular expressions. Licensed with GPL. 3. Chkrootkit - Provides open source application to check for presence of rootkits installed on Linux/Unix machines. Links to security related sites. 4. Firestorm Network Intrusion Detection System - Firestorm is a high-performance GPL-licensed network intrusion detection system (NIDS). Features include being fully pluggable, easily configurable, and an extremely scalable signature engine. 5. LAk Intrusion Prevention System - A single compilation of source, binaries, scripts and whitepapers on intrusion prevention systems. The aim is to quickly establish a working IPS within minutes. 6. LIDS Project - Secure Linux System - LIDS is an enhancement for the Linux kernel written by Xie Huagang and Philippe Biondi. It implements several security features that are not in the Linux kernel natively. Some of these include: mandatory access controls (MAC), a port scan detector, file protection (even from root), and process protection. 7. Open-Source IDS - A complete intrusion detection system created with well known open-source tools. Implemented using a custom RedHat 7.2 distribution and available for download as a stand-alone ISO image. 8. Panoptis - Network-IDS that detects and stops DoS/DDoS attacks by using real-time Cisco NetFlow data. 9. Passive OS Fingerprinting (pOf) - An advanced passive OS/network fingerprinting utility for use in IDS environments, honeypots environments, firewalls and servers. 10. Prelude hybride opensource IDS - Prelude is a new innovative hybrid Intrusion Detection system designed to be very modular, distributed, rock solid and fast. 11. QuIDScor IDS/VA correlation - QuIDScor is an Open Source project demonstrating the value in correlating information between Intrusion Detection Systems (such as Snort) and vulnerability assesment and management platforms such as QualysGuard. 12. Rootkit Hunter - Open-source GPL rootkit scanner for Unix-like systems. Scans for rootkits, trojans, backdoors and local exploits. Tests include scanning of plaintext and binary files for MD5 hash comparisons, default rootkit files, binary permissions, suspect LKM/KLD module strings, and hidden files. 13. Shadow Intrusion and Network Analysis - Shadow is an intrusion-detection system from the Naval Surface Warfare Center, shows promise in detecting previously unknown attacks for which no known detection signatures exist. 14. sLink project - sLink consists of a daemon and a suite of cgi programs which provide a web administration interface to an EDM/BOSCH Solution16 Alarm Panel. 15. Snort - A free lightweight network intrusion detection system for UNIX and Windows. 16. Snortalog - Perl-based log analysis tool that summarizes network security events from any native snort database format. 17. Systrace (Interactive Policy Generation for System Calls) - Systrace enforces system call policies for applications by interactively constraining the application's access to the system (*bsd and linux). Systrace is able to monitor daemons on remote machines and generate warnings at a central location. 18. The Osiris Scripts - A tripwire-like utility which uses MD5 to check files for modifications. 19. Fail2Ban - fail2ban is a POSIX/Linux tool used to ban IP addresses that generate too many password failures. ssh, iptables, ipfwadm and ipfw are currently supported. 20. Fairly Fast Packet Filter - The Fairly Fast Packet Filter (FFPF) is a network monitoring framework for Linux. FFPF achieves high throughput by pushing computationally intensive tasks to the kernel or even network processors and by minimising packet copying. 21. Honeyd - Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet or for network monitoring. For *BSD, GNU/Linux, and Solaris. 22. IDABench - IDABench is a pluggable framework for intrusion analysis built upon the Naval Surface Warfare Center, Dahlgren Division's SHADOW versions 1.7 and 1.8. Scripts can be extended via plugins that pass packet data to (and output from) most libpcap-based tools. 23. serverM Host Based Intrusion Detection System NEW! - An Open Source host-based real-time intrusion detection system for Linux and Mac OS X based systems. 24. Snortattack NEW! - An intrusion protection system in the form of a bash shell script that is designed to make the installation of Snort in inline mode on Fedora or Debian as easy as possible. 25. SnortSMS Project NEW! - A configurable web-base administration console written in PHP which can remotely manage, control, and monitor multiple Snort based Intrusion Detection System sensors. 26. The Bleeding Edge of Snort - Bleeding Snort was a response to the need for a centralized spot for Snort Signatures to be aggregated and maintained. Contains snort rules for malware, viruses, and "0day" exploits. 27. Virtual eXecuting Environment - VXE is an open source Intrusion Prevention System intended to protect Unix subsystems (daemon protection) from known and unknown network intrusion threats.

Help build the largest human-edited directory on the web. Submit a Site - Update a Site - Open Directory Project - Become an Editor

© 2008 Chamas Enterprises Inc.