
Free intrusion detection software for linux


Results 1 - 15 of about 549
Apache Intrusion Detection Module 1.0

Apache Intrusion Detection Module is a simple tool to find out intrusion attempts by examining the client requests in real time.

This is a simple attempt to build an Intrusion Detection Module for Apache. It is being run at two different sites successfully, but there is a performance penalty: the module intercepts every object request and checks it against the list of vulnerable CGI applications.

Issuing a simple make should do in most cases; at worst, tweak the Makefile. The make process compiles mod-id as an Apache DSO module; if your server has no DSO support you will need more time...

Any suggestions and improvements are welcome.
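The check mod-id performs (compare each request against a list of vulnerable CGI paths) is only as good as the normalization done before the comparison: a naive string match is evaded by percent-encoding, double encoding, "./" and "../" segments or doubled slashes. The following is an added example, not mod-id's code; the CGI list, the request samples and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed list of vulnerable CGI paths for this example; mod-id ships its
# own list, which is not reproduced here.
VULNERABLE_CGI = {
    "/cgi-bin/phf",
    "/cgi-bin/test-cgi",
    "/cgi-bin/formmail.pl",
    "/cgi-bin/count.cgi",
}

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/\d\.\d$")


def normalize_path(raw_target):
    """Reduce a request target to the path the server will actually resolve.

    Drops the query string, percent-decodes twice (so %25xx double encoding
    does not hide a byte), collapses repeated slashes and resolves '.' and
    '..' segments. Without this step a signature list is trivially evaded."""
    path = raw_target.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def check_request(request_line):
    """Return the vulnerable CGI path a request resolves to, or None."""
    m = REQUEST_LINE.match(request_line)
    if m is None:
        return None
    path = normalize_path(m.group(2))
    return path if path in VULNERABLE_CGI else None


def scan(request_lines):
    """Run the check over a batch of request lines; returns (line, hit) pairs."""
    hits = []
    for line in request_lines:
        hit = check_request(line)
        if hit is not None:
            hits.append((line, hit))
    return hits


# Constructed sample requests: one benign, the rest probing for known CGIs,
# four of them using encoding or path tricks that a plain string compare misses.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0",
    "GET /cgi-bin/./test-cgi HTTP/1.0",
    "GET /cgi-bin/%2574est-cgi HTTP/1.1",
    "GET //cgi-bin//formmail.pl HTTP/1.1",
    "GET /images/../cgi-bin/count.cgi HTTP/1.0",
]

if __name__ == "__main__":
    for line, hit in scan(SAMPLE_REQUESTS):
        print(f"ALERT {hit!r} <- {line}")
```

The lookup is a set membership test, so the per-request cost the description warns about is the normalization, not the list size; decoding exactly twice is a deliberate choice, since decoding in a loop until stable lets an attacker make the module do unbounded work per request.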

Download (0.031MB)
Added: 2006-04-04 License: GPL (GNU General Public License) Price:
1304 downloads
ARPSpoofDetector 0.1.3

ARPSpoofDetector performs active and passive detection of ARP spoofing and IP (IPv4) address collision. The program can send healing packets with regular ARP information.
ARPSpoofDetector is a new GPL project initiated by NetMasters.CZ customers (especially 100MEGA Distribution). We didn't find a suitable intrusion detection system or other applicable software to solve ARP spoofing detection and IP collision detection without false alarms and with easy configuration for our customers.
Main features:
- passive ARP spoofing detection from broadcast ARP reply packets
- passive IP collision detection from broadcast ARP packets and NetBIOS packets
- active IP collision detection by sending ARP request packets
Log example:
Mon Jul 23 21:49:26 2007
Warning: IP 192.168.1.10 collision detected!
SERVER MAC address: 00:4f:ED:7C:3A:B9
ATTACKER MAC address: 00:20:38:7C:3A:CE
Attacker NETBIOS name: PERSEUS
Attacker NETBIOS group: WORKGROUP
Last attacker IP was 192.168.1.9
IP changes history:
From: Mon Jul 23 21:48:47 2007 To: Mon Jul 23 21:49:10 2007 was IP 192.168.1.3 (maybe over DHCP)
From: Mon Jul 23 21:49:10 2007 To: Mon Jul 23 21:49:26 2007 was IP 192.168.1.6 (maybe over DHCP)
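The passive part of the detection above reduces to one rule: remember which MAC claims each IP, and alert when a different MAC claims the same IP. The following is an added example, not ARPSpoofDetector's code; it parses raw Ethernet/ARP frames, keeps a per-MAC IP history so an alert can state the offender's previous address (as the log above does), and replays constructed frames that mirror that log. It assumes the first MAC seen for an IP is its legitimate owner, which is an assumption of this example: a real deployment pins the server's MAC in configuration, since an attacker who speaks first would otherwise poison the table. It does not send the healing packets the description mentions, and NetBIOS lookups are left out.

```python
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def ip_bytes(s):
    return bytes(int(x) for x in s.split("."))


def parse_arp(frame):
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP.
    Returns None for any other frame, including runt frames."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"op": op, "sha": mac_str(sha), "spa": ip_str(spa),
            "tha": mac_str(tha), "tpa": ip_str(tpa)}


def build_arp(op, sha, spa, tha, tpa, eth_dst=BROADCAST):
    """Build a raw ARP frame; used only to construct the sample traffic below."""
    eth = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa))
    return eth + arp


class ArpWatch:
    """Passive detector. The first MAC seen claiming an IP becomes its owner
    (assumption of this example); a later ARP packet claiming that IP from
    another MAC is reported as a collision or spoof. Each MAC's IP history is
    kept so the alert can say which address the offending host used before."""

    def __init__(self):
        self.owner = {}                       # ip -> owning mac
        self.ip_history = defaultdict(list)   # mac -> [(ts, ip), ...]
        self.alerts = []

    def observe(self, frame, ts):
        arp = parse_arp(frame)
        if arp is None or arp["spa"] == "0.0.0.0":   # skip non-ARP and DHCP probes
            return None
        sha, spa = arp["sha"], arp["spa"]
        hist = self.ip_history[sha]
        if not hist or hist[-1][1] != spa:
            hist.append((ts, spa))
        known = self.owner.get(spa)
        if known is None:
            self.owner[spa] = sha
            return None
        if known == sha:
            return None
        alert = {"ts": ts, "ip": spa, "server_mac": known, "attacker_mac": sha,
                 "last_attacker_ip": hist[-2][1] if len(hist) > 1 else None}
        self.alerts.append(alert)
        return alert


# Constructed sample traffic replaying the scenario from the log above: the
# server announces .10, a second host moves from .3 to .6 and then claims .10.
SERVER, ATTACKER = "00:4f:ed:7c:3a:b9", "00:20:38:7c:3a:ce"
SAMPLE_FRAMES = [
    (1185220127, build_arp(ARP_REPLY, SERVER, "192.168.1.10", BROADCAST, "192.168.1.10")),
    (1185220128, build_arp(ARP_REQUEST, ATTACKER, "192.168.1.3", "00:00:00:00:00:00", "192.168.1.1")),
    (1185220150, build_arp(ARP_REQUEST, ATTACKER, "192.168.1.6", "00:00:00:00:00:00", "192.168.1.1")),
    (1185220166, build_arp(ARP_REPLY, ATTACKER, "192.168.1.10", BROADCAST, "192.168.1.10")),
]


def run(frames):
    watch = ArpWatch()
    for ts, frame in frames:
        watch.observe(frame, ts)
    return watch


if __name__ == "__main__":
    for a in run(SAMPLE_FRAMES).alerts:
        print(f"Warning: IP {a['ip']} collision detected! server {a['server_mac']} "
              f"attacker {a['attacker_mac']} (last attacker IP {a['last_attacker_ip']})")
```

A host that legitimately renumbers over DHCP moves to an IP nobody else owns, so it only extends its own history and raises nothing; an alert needs the same IP claimed by two MACs, which is exactly the collision case in the log.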
Download (0.034MB)
Added: 2007-08-12 License: GPL v3 Price:
807 downloads
Dynamic Taste Detection for XMMS 20020303

Dynamic Taste Detection patch makes XMMS adapt its playlist randomization function to your personal taste.

Songs you don't like end up at the end of the playlist, and songs you like to hear together tend to end up next to each other.

Download (2.8MB)
Added: 2006-04-12 License: GPL (GNU General Public License) Price:
1291 downloads
EnGarde Community Edition 3.0.16

EnGarde is a secure distribution of Linux.
The Community Edition of EnGarde Secure Linux was designed to support features suitable for individuals, students, security enthusiasts, and those wishing to evaluate the level of security and ease of management available in Guardian Digital enterprise products.
EnGarde Community Edition's development is driven not only by requests from the community but also by its continued participation.
The Community Edition is a dynamic, rapidly-evolving product that serves to exhibit the best-of-breed applications currently under development.
Guardian Digital enterprise products provide greater levels of support, support for more advanced hardware, more sophisticated upgrade path, and features more suitable for enterprises, including support for our other enterprise applications.
Main features:
- Simple and Secure Remote Administration
- Powerful Host Intrusion Detection
- Secure Network Services
- Built-in Support and Alerts
- Robust Network Intrusion Detection
- Quick and Secure Web, DNS, email, FTP
- Network Gateway Firewall
- Monitor System Access
- Protect Against Data Loss
- Security Control Center
- Engineered to be Secure
- Significantly Reduces Support Costs
Download (574MB)
Added: 2007-08-08 License: GPL (GNU General Public License) Price:
808 downloads
SIDEN 0.1.0

SIDEN is a distributed network discovery tool used for intrusion detection research. The current SIDEN architecture allows you to simulate coordinated/distributed network probes by a group of attackers.

SIDEN has been tested successfully on the OpenBSD and FreeBSD operating systems. If you try SIDEN and it works on any other platform, please contact me. Yes, it sounds interesting that I haven't even tested it on the popular Linux platform. There should be little reason why it won't work on other platforms (especially UNIX variants), since it's fully implemented in Perl.

Download (0.020MB)
Added: 2006-07-08 License: GPL (GNU General Public License) Price:
1203 downloads
PushSite 2.6

PushSite provides a utility to update a remote site.

PushSite is intended for updating remote websites: it's like mirroring, but in reverse. It only sends the changed or new files, to conserve bandwidth. Of course, it has other applications too (e.g. software distribution).

PushSite can detect changes to files held on the local system and update a copy on a remote system via FTP. It can also detect changes made directly to the remote site (basic intrusion detection). Only the amended files are updated thereby conserving bandwidth.

Added: 2007-04-28 License: GPL (GNU General Public License) Price:
910 downloads
Trinux 0.890

Trinux is a ramdisk-based Linux distribution that boots from a single floppy or CD-ROM and loads its packages from an HTTP/FTP server, a FAT/NTFS/ISO filesystem, or additional floppies.

Trinux contains the latest versions of popular Open Source network security tools for port scanning, packet sniffing, vulnerability scanning, sniffer detection, packet construction, active/passive OS fingerprinting, network monitoring, session-hijacking, backup/recovery, computer forensics, intrusion detection, and more.

Trinux also provides support for Perl, PHP, and Python scripting languages. Remote Trinux boxes can be managed securely with OpenSSH.

Trinux gives you the power of Linux security tools without requiring a full-blown Linux install or the need to download, compile, install, and update a complete suite of security tools that are typically not found in mainstream distributions.

Trinux will boot on any i486 or better with at least 12-16 megabytes of RAM, depending on how many packages are loaded. Hardware support for many common Ethernet cards is provided in the default kernel, and additional NICs are supported via Linux kernel modules.

Trinux 0.7x/0.8x was developed using Slackware 7.1 and supports the latest 2.2.x kernels and glibc 2.1.x; Trinux 0.8x also supports Linux kernel 2.4.x. Trinux was first released in April 1998. Versions up through 0.51 were based on Debian 1.31 binaries linked against libc5. Version 0.6x was built using Red Hat Linux 5.2. Trinux uses Busybox to replace many common UNIX utilities.

Trinux is released under the terms of the GNU Public License.
Download (19.8MB)
Added: 2005-05-11 License: GPL (GNU General Public License) Price:
1639 downloads
Firewall Tester 1.0

The Firewall Tester (FTester) is a tool designed for testing firewalls' filtering policies and Intrusion Detection System (IDS) capabilities. The tool consists of two Perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part, while the sniffer listens for such marked packets. Both scripts write a log file in the same format. If the two scripts are run on hosts placed on the two sides of a firewall, a diff of the two log files (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer because of the filtering rules. Stateful inspection firewalls are handled with the connection spoofing option. A script called freport is also available for automatically processing the log files.
Of course this is not an automated process: ftest.conf must be crafted for every different situation. Examples and rules are included in the attached configuration file.
The IDS testing feature can be used either with ftest alone or with the additional support of ftestd for handling stateful inspection IDSs; ftest can also use common IDS evasion techniques. Instead of the configuration syntax, the script can currently also process a Snort rule definition file.
These two scripts were written because I was tired of doing this by hand (with packet-crafting tools and tcpdump). I know that there are at least two dozen other methods to do this, but another reason was to learn some Perl ;). I hope that you enjoy them.
Main features:
- firewall testing
- IDS testing
- simulation of real tcp connections for stateful inspection firewalls and IDS
- connection spoofing
- IP fragmentation / TCP segmentation
- IDS evasion techniques
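The method described above has two halves: the injector stamps a signature into each packet's data so the sniffer can separate test packets from background traffic, and both sides log the same tuple so the set difference of the logs is the list of filtered packets. The following is an added example of that method, not FTester's code: the payload marker, the log tuple, the test plan, the background traffic and the stand-in firewall policy are all constructed here and do not reproduce ftest.conf or the real ftest.log format.

```python
import struct

# Constructed payload marker for this example; ftest's real signature format
# is not reproduced here.
MARKER = b"FTST"


def mark_payload(seq, data=b""):
    """Injector side: stamp the sequence number into the data part so the
    sniffer can tell test packets from background traffic."""
    return MARKER + struct.pack("!I", seq) + data


def extract_seq(payload):
    """Sniffer side: recover the sequence number, or None if not a test packet."""
    if len(payload) < 8 or payload[:4] != MARKER:
        return None
    return struct.unpack("!I", payload[4:8])[0]


def inject(plan):
    """Turn a test plan of (src, dst, proto, dport) into the injector's log and
    the packets that would be sent. Both sides log the same tuple keyed by seq."""
    log, packets = {}, []
    for seq, (src, dst, proto, dport) in enumerate(plan, start=1):
        log[seq] = (src, dst, proto, dport)
        packets.append((src, dst, proto, dport, mark_payload(seq)))
    return log, packets


def sniff(packets):
    """Log only marked packets; unrelated traffic on the wire is ignored."""
    log = {}
    for src, dst, proto, dport, payload in packets:
        seq = extract_seq(payload)
        if seq is not None:
            log[seq] = (src, dst, proto, dport)
    return log


def filtered(inject_log, sniff_log):
    """The diff of the two logs: packets the injector sent that the sniffer never saw."""
    return {seq: e for seq, e in inject_log.items() if seq not in sniff_log}


def toy_firewall(packets):
    """Stand-in for the device under test (constructed policy, not a real firewall)."""
    allowed = {("tcp", 80), ("tcp", 22), ("udp", 53)}
    return [p for p in packets if (p[2], p[3]) in allowed]


# Constructed test plan: probe six services through the firewall.
PLAN = [
    ("10.0.0.5", "10.0.1.7", "tcp", 80),
    ("10.0.0.5", "10.0.1.7", "tcp", 22),
    ("10.0.0.5", "10.0.1.7", "tcp", 23),
    ("10.0.0.5", "10.0.1.7", "tcp", 445),
    ("10.0.0.5", "10.0.1.7", "udp", 53),
    ("10.0.0.5", "10.0.1.7", "udp", 161),
]
# Constructed background traffic the sniffer must not mistake for a probe.
NOISE = [("10.0.1.9", "10.0.1.7", "tcp", 80, b"GET / HTTP/1.0\r\n\r\n")]


def run_test(plan=PLAN, noise=NOISE):
    inject_log, packets = inject(plan)
    on_the_wire = toy_firewall(packets) + noise
    return filtered(inject_log, sniff(on_the_wire))


if __name__ == "__main__":
    for seq, (src, dst, proto, dport) in sorted(run_test().items()):
        print(f"#{seq} {src} -> {dst} {proto}/{dport}: filtered")
```

The result reads straight off as the effective policy: whatever is missing from the sniffer's log was dropped somewhere between the two hosts, which is what the ftest.log/ftestd.log diff shows. The marker is what keeps the unrelated HTTP request out of the sniffer's log; without it the diff would be polluted by every packet that happened to cross the wire.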
Download (0.030MB)
Added: 2006-07-07 License: GPL (GNU General Public License) Price:
1206 downloads
Untangle Gateway Platform 5.0.1

Untangle Gateway Platform is a Linux-based network gateway with pluggable modules for network applications like spam blocking, Web filtering, anti-virus, anti-spyware, intrusion prevention, VPN, SSL VPN, firewall, and more.
Enhancements:
- Bugfixes from 5.0.0-beta; this release is stable.
Download (MB)
Added: 2007-08-04 License: GPL (GNU General Public License) Price:
517 downloads
Firestorm 0.5.5

Firestorm is an extremely high performance network intrusion detection system (NIDS). At the moment it is just a sensor, but plans are to include real support for analysis, reporting, a remote console and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible. Firestorm performs a lot better than all other systems I have tested (such as Snort and Prelude), by as much as a factor of 2 (and that's under favourable conditions; it way outstrips the competition under a targeted DoS attack).
A Network Intrusion Detection System is a system which can identify suspicious patterns in network traffic. If a firewall is a doorman, a NIDS is an undercover KGB agent. He silently gathers intelligence and can watch an enemy even if the door security has already let them in (maybe the enemy can make fake identification documents).
Tested Platforms
Linux 2.x
FreeBSD 4.x
OpenBSD
Solaris
Should compile and run on any mainstream UNIX really...
Main features:
- Protocol anomaly detection
- Full application layer decodes
- Fully pluggable
- High performance OS Specific capture module for Linux
- Capture from libpcap files (normal AND redhat extended)
- Packet decode engine fully supports encapsulation
- Decode plugins included for many protocols (see below)
- Comprehensive snort rule support
- Wu-Manber setwise string matching
- Easy to configure; just one config file
- Can run chroot and with lowered privs (when started as root)
- Can run as a realtime process (when started as root)
- Preprocessors to allow supplementary modes of detection (eg: anomaly)
- Full IP defragmentation (passes fragroute evasion tests)
- TCP stateful inspection with window tracking
- Intelligent TCP stream reassembly
- HTTP URL normalization
- EXTREMELY fast and scalable signature engine
- Configurable token-bucket rate-limiting of any alerts
- GNOME2 based analyst console user interface
- Enhanced logging format for ease of analysis
- ELOG indexing for lightning fast sorting and filtering of alerts
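The "configurable token-bucket rate-limiting of any alerts" feature in the list above addresses a specific failure mode: an attacker who can trigger one signature thousands of times a second can flood the analyst (or the logging path) and bury a real alert. The following is an added example of that mechanism, not Firestorm's code; the per-signature bucket, the rate/burst parameters and the event stream are constructed for illustration.

```python
from collections import Counter


class TokenBucket:
    """Classic token bucket: `rate` tokens per second, at most `burst` stored."""

    def __init__(self, rate, burst):
        self.rate, self.burst = float(rate), float(burst)
        self.tokens = float(burst)
        self.last = None

    def allow(self, now):
        if self.last is None:
            self.last = now
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class AlertLimiter:
    """One bucket per signature id. A flood of one signature is throttled after
    `burst` alerts while other signatures are unaffected; what was dropped is
    counted so the analyst still learns that the flood happened."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.buckets = {}
        self.suppressed = Counter()

    def submit(self, sig_id, now):
        bucket = self.buckets.setdefault(sig_id, TokenBucket(self.rate, self.burst))
        if bucket.allow(now):
            return True
        self.suppressed[sig_id] += 1
        return False


def replay(events, rate=1.0, burst=5):
    """Feed (timestamp, sig_id) events in time order; return the alerts that
    would be emitted and how many per signature were suppressed."""
    limiter = AlertLimiter(rate, burst)
    emitted = [(ts, sig) for ts, sig in sorted(events) if limiter.submit(sig, ts)]
    return emitted, dict(limiter.suppressed)


# Constructed event stream: 100 alerts for signature 1000 within 0.1 s (a
# flood), one alert for signature 2000 in the middle of it, and one more
# alert for 1000 ten seconds later, after the bucket has refilled.
EVENTS = [(i * 0.001, 1000) for i in range(100)] + [(0.05, 2000), (10.0, 1000)]

if __name__ == "__main__":
    emitted, suppressed = replay(EVENTS)
    for ts, sig in emitted:
        print(f"t={ts:7.3f} alert sig={sig}")
    print("suppressed:", suppressed)
```

Keying the buckets by signature rather than using one global bucket is the point: the unrelated signature in the middle of the flood still gets through, and the suppressed count is itself worth alerting on at a lower rate.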
Download (0.22MB)
Added: 2006-07-07 License: GPL (GNU General Public License) Price:
1208 downloads
LEAF Bering-uClibc 3.1 Beta 1

LEAF Bering-uClibc is a secure, feature-rich, customizable embedded Linux appliance for use in a variety of network topologies.
LEAF Bering-uClibc is the successor of the Bering distribution. By replacing glibc with uClibc, a significantly smaller distribution is possible. All packages are IPv6-ready and based on the latest sources. It also provides new and enhanced package management.
LEAF Bering-uClibc is available for download as a single-floppy-based firewall or as an ISO-image. Additionally booting from HD, CF or an USB device is supported.
The floppy image supports DHCP, PPP and PPPoE connections out of the box and suits a SOHO network that needs a stable and secure router/Internet connection. Secure remote administration is available with dropbear, a small sshd replacement.
Using the ISO image, or a USB/CF/HD boot device, you can add about 150 packages to extend LEAF Bering-uClibc with capabilities like SNMP, 6wall (a shorewall-like IPv6 firewall setup utility), VPN, Intrusion Detection, Traffic Accounting, the Quagga Routing Suite, bandwidth management and wireless connections, just to name a few.
What's New in 3.0.2 Stable Release:
- This release provides a minor fix for the config/package system and updates for dnsmasq, dropbear, and shorewall.
Download (0.42MB)
Added: 2007-03-23 License: MIT/X Consortium License Price:
947 downloads
ModSecurity 2.1.2

ModSecurity is an intrusion detection and prevention module for the Apache Web server. It is free, GPL-licensed software that acts as an intrusion detection and prevention engine for web applications.
Operating as an Apache Web server module, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.
Enhancements:
- This version fixes the issue with subrequests, a problem with full-width Unicode encoding, and a few other small issues.
- It also bundles the most recent version of the Core Rules (which contains many improvements over the previous version) along with the updated documentation.
Download (0.62MB)
Added: 2007-08-07 License: GPL (GNU General Public License) Price:
818 downloads
Network Security Toolkit 1.5.0

Network Security Toolkit is a bootable ISO live CD based on Fedora Core 2.
The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86 platforms.
The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 75 Security Tools by insecure.org are available in the toolkit.
What we find rather fascinating with NST is that we can transform most x86 systems (Pentium II and above) into a system designed for network traffic analysis, intrusion detection, network packet generation, wireless network monitoring, a virtual system service server, or a sophisticated network/host scanner.
This can all be done without disturbing or modifying any underlying sub-system disk. NST can be up and running on a typical x86 notebook in less than a minute by just rebooting with the NST ISO CD. The notebook's hard disk will not be altered in any way.
NST also makes an excellent tool to help one with all sorts of crash recovery troubleshooting scenarios and situations.
Enhancements:
- We are pleased to announce the latest NST release: v1.5.0. This release is based on Fedora Core 5 using the Linux kernel 2.6.18. Here are some of the highlights for this release: the NST Web User Interface (WUI), has been greatly enhanced and cleaned up; extensive additions to managing and analyzing network packet captures; the ability to setup and manage printers; the ability to easily mount many different supported file system types; the ability to manage the NST as a file server (both NFS and CIFS); the addition of the Inprotect package (a Nessus manager); the addition of the Zabbix package (another network resource monitoring tool - similar to Nagios)....
Download (364.9MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
991 downloads
Streamline 1.7.2

Streamline is a high-speed networking subsystem for commodity operating systems. It increases performance by moving processing tasks to the fastest location. Streamline supports in-kernel execution, but also dedicated hardware (NICs) and even remote machines. An implementation of Streamline for Linux 2.6.13 and higher is made publicly available.
The goal of Streamline is to make fast network processing viable for common tasks. Many advanced processing schemes have so far failed to make it into OSes because they are difficult to combine with the socket(..) API or are only applicable in a few situations. Our goal is to integrate known methods, as well as develop new ones, that replace sockets(..) without burdening application developers and end-users. Streamline achieves this by constructing a tailored dataplane for each application at runtime from an extensible set of functions.
Applications request information streams by specifying a series of abstract functions that need to be performed on incoming data (e.g., select TCP packets for port 80, reassemble into a stream, filter out known attacks). At runtime, Streamline searches for implementations of these functions. These can be found in the kernel, in the application library, or in dedicated hardware such as programmable network cards or asymmetric multicores. When all functions are found, interconnecting datapaths are set up. Paths may need to cross the PCI bus, the userspace/kernelspace barrier or even LANs. Optimisation of these paths is one of the factors that contributes to Streamline's performance.
The base system comes bundled with functions for pattern matching (Aho Corasick, RegEx), accounting, filtering (among others BPF), stream reassembly, rewriting, inspection, and more. Obvious uses are intrusion detection, network address translation, media streaming and realtime (pre)processing of scientific data.
Enhancements:
- This is mostly a stabilization release, which adds support for Linux kernels up to 2.6.22 and Fedora Core installations.
- The only truly new feature is a virtual filesystem interface (like sysfs) to streamline.
- With this "netmonfs" you can inspect live datastreams as if you're reading local files.
- Setting up streams and filters is easily accomplished through mkdir, open, and other well-known tools.
- Note that netmonfs is still beta quality software.
Download (0.82MB)
Added: 2007-08-23 License: LGPL (GNU Lesser General Public License) Price:
809 downloads
IPAudit 1.0BETA2

IPAudit monitors network activity on a network by host, protocol and port.

IPAudit listens to a network device in promiscuous mode, and records every connection between two ip addresses.

A unique connection is determined by the ip addresses of the two machines, the protocol used between them, and the port numbers (if they are communicating via udp or tcp).

IPAudit can be used to monitor network activity for a variety of purposes. It has proved useful for intrusion detection, monitoring bandwidth consumption and spotting denial of service attacks. It can be used with IPAudit-Web to provide web-based network reports.
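The definition of a connection given above (two IP addresses, the protocol, and the port numbers only for TCP/UDP) is what makes the per-host reports possible: packets in both directions must collapse to one record, and protocols without ports must not be keyed on garbage. The following is an added example of that bookkeeping, not IPAudit's code; the record fields, the report functions and the packet sample are constructed for illustration.

```python
from collections import defaultdict, Counter


def connection_key(src, dst, proto, sport=None, dport=None):
    """Canonical identity of a connection: the two IP addresses, the protocol,
    and the ports for tcp/udp only. Endpoints are sorted so a packet in either
    direction maps to the same key."""
    if proto not in ("tcp", "udp"):
        sport = dport = None
    lo, hi = sorted([(src, sport), (dst, dport)])
    return (proto, lo, hi)


class IPAudit:
    def __init__(self):
        self.conns = defaultdict(
            lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})

    def record(self, ts, src, dst, proto, length, sport=None, dport=None):
        c = self.conns[connection_key(src, dst, proto, sport, dport)]
        c["packets"] += 1
        c["bytes"] += length
        c["first"] = ts if c["first"] is None else min(c["first"], ts)
        c["last"] = ts if c["last"] is None else max(c["last"], ts)

    def bytes_per_host(self):
        """Bandwidth view: bytes of every connection a host takes part in."""
        totals = Counter()
        for (_, (h1, _), (h2, _)), c in self.conns.items():
            totals[h1] += c["bytes"]
            totals[h2] += c["bytes"]
        return totals

    def connections_per_host(self):
        """Distinct connections each host takes part in. A host with many
        tiny connections to one peer on consecutive ports is a port scan;
        one peer with a sudden surge of inbound connections suggests a DoS."""
        counts = Counter()
        for (_, (h1, _), (h2, _)) in self.conns:
            counts[h1] += 1
            counts[h2] += 1
        return counts


# Constructed packet sample: (ts, src, dst, proto, length[, sport, dport]).
# One HTTP exchange in both directions, one DNS exchange, a ping pair, and a
# scanner touching ten consecutive ports on the web host.
SAMPLE_PACKETS = [
    (1.0, "10.0.0.2", "10.0.0.80", "tcp", 60, 40000, 80),
    (1.1, "10.0.0.80", "10.0.0.2", "tcp", 60, 80, 40000),
    (1.2, "10.0.0.2", "10.0.0.80", "tcp", 1200, 40000, 80),
    (2.0, "10.0.0.2", "10.0.0.53", "udp", 70, 5000, 53),
    (2.1, "10.0.0.53", "10.0.0.2", "udp", 120, 53, 5000),
    (3.0, "10.0.0.2", "10.0.0.80", "icmp", 84),
    (3.1, "10.0.0.80", "10.0.0.2", "icmp", 84),
] + [(4.0 + p * 0.01, "10.0.0.99", "10.0.0.80", "tcp", 40, 41000, p)
     for p in range(20, 30)]


def run(packets):
    audit = IPAudit()
    for pkt in packets:
        audit.record(*pkt)
    return audit


if __name__ == "__main__":
    audit = run(SAMPLE_PACKETS)
    for host, n in audit.connections_per_host().most_common():
        print(f"{host:12} connections={n:3} bytes={audit.bytes_per_host()[host]}")
```

The three packets of the HTTP exchange land in one record even though the reply has source and destination swapped, while the scanner's ten probes stay ten records because their destination ports differ; that asymmetry (few bytes, many connections) is the signal the description refers to when it says the tool helps with intrusion detection and DoS monitoring.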

Installation:

The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation.

It uses those values to create a `Makefile' in each directory of the package. It may also create one or more `.h' files containing system-dependent definitions.

Finally, it creates a shell script `config.status' that you can run in the future to recreate the current configuration, a file `config.cache' that saves the results of its tests to speed up reconfiguring, and a file `config.log' containing compiler output (useful mainly for debugging `configure').

If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail diffs or instructions to the address given in the `README' so they can be considered for the next release.

If at some point `config.cache' contains results you don't want to keep, you may remove or edit it.

The file `configure.in' is used to create `configure' by a program called `autoconf'. You only need `configure.in' if you want to change it or regenerate `configure' using a newer version of `autoconf'.

The simplest way to compile this package is:

1. `cd' to the directory containing the package's source code and type `./configure' to configure the package for your system.

If you're using `csh' on an old version of System V, you might need to type `sh ./configure' instead to prevent `csh' from trying to execute `configure' itself.

Running `configure' takes a while. While running, it prints some messages telling which features it is checking for.

2. Type `make' to compile the package.

3. Optionally, type `make check' to run any self-tests that come with the package.

4. Type `make install' to install the programs and any data files and documentation.

5. You can remove the program binaries and object files from the source code directory by typing `make clean'. To also remove the files that `configure' created (so you can compile the package for a different kind of computer), type `make distclean'.

There is also a `make maintainer-clean' target, but that is intended mainly for the package's developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution.
Download (0.13MB)
Added: 2005-10-14 License: GPL (GNU General Public License) Price:
1472 downloads