
Free linux intrusion detection system software for linux

Results 1 - 15 of about 10397
Apache Intrusion Detection Module 1.0

Apache Intrusion Detection Module is a simple tool to find out intrusion attempts by examining the client requests in real time.

This is a simple attempt to build an Intrusion Detection Module for Apache. It is being run at two different sites successfully, but there is a performance penalty, as the module intercepts all object requests and checks them against the list of vulnerable CGI applications.

Issuing a simple make should do in most cases; at worst, tweak the Makefile. The make process will compile mod-id as an Apache DSO module; if your server has no DSO support you will need more time...

Any suggestions and improvements are welcome.

Download (0.031MB)
Added: 2006-04-04 License: GPL (GNU General Public License) Price:
1304 downloads
Dynamic Taste Detection for XMMS 20020303

Dynamic Taste Detection patch makes XMMS adapt its playlist randomization function to your personal taste.

Songs you don't like end up at the end of the playlist, and songs you like to hear together tend to end up next to each other.

Download (2.8MB)
Added: 2006-04-12 License: GPL (GNU General Public License) Price:
1291 downloads
Linux Commander 0.5.2

Linux Commander is a file manager for X11 using GTK+.
Linux Commander is a powerful file manager for the X Window System.

It is partially modelled after Windows Commander for Windows.

Download (0.16MB)
Added: 2005-04-29 License: GPL (GNU General Public License) Price:
1665 downloads
ARPSpoofDetector 0.1.3

ARPSpoofDetector performs active and passive detection of ARP spoofing and IP (IPv4) address collision. The program can send healing packets with regular ARP information.
ARPSpoofDetector is a new GPL project initiated by NetMasters.CZ customers (especially 100MEGA Distribution). We didn't find a suitable intrusion detection system or other applicable software to solve ARP spoofing detection and IP collision without false alarms and with easy configuration for our customers.
Main features:
- passive ARP spoofing detection from broadcast ARP reply packets
- passive IP collision detection from broadcast ARP packets and netbios packets
- active IP collision detection by sending ARP request packets
Log example:
Mon Jul 23 21:49:26 2007
Warning: IP 192.168.1.10 collision detected!
SERVER MAC address: 00:4f:ED:7C:3A:B9
ATTACKER MAC address: 00:20:38:7C:3A:CE
Attacker NETBIOS name: PERSEUS
Attacker NETBIOS group: WORKGROUP
Last attacker IP was 192.168.1.9
IP changes history:
From: Mon Jul 23 21:48:47 2007 To: Mon Jul 23 21:49:10 2007 was IP 192.168.1.3 (maybe over DHCP)
From: Mon Jul 23 21:49:10 2007 To: Mon Jul 23 21:49:26 2007 was IP 192.168.1.6 (maybe over DHCP)
Download (0.034MB)
Added: 2007-08-12 License: GPL v3 Price:
807 downloads
Intelligent Filesystem Guard 1.0

Intelligent Filesystem Guard is a tool that monitors information about changes in files and directories.

Intelligent Filesystem Guard can be used either for the detection of changes in important files (as an intrusion detection system guarding data against viruses and Trojan horses) or for guarding user data.

A large emphasis is put on monitoring files. One of the functions of this system is to tell what happened with the file according to a user query. The system is able to warn of any sort of change, such as modification, creation, erasure, or movement.

Download (0.090MB)
Added: 2006-04-26 License: GPL (GNU General Public License) Price:
1280 downloads
GNU-LINUX Tierra-UI NON GLOBAL MENU 0.0

GNU-LINUX Tierra-UI NON GLOBAL MENU offers users a non global-menu version of the GNU-LINUX Tierra-UI theme.
Added: 2008-11-20 License: GPL Price: FREE
1 downloads
GNU Phantom.Security 1.00

GNU Phantom.Security is a computer-controlled security system.
Phantom is designed to be a completely customizable computer-controlled security system. All source code (C++/Bourne script) is included. Phantom was designed & tested on a Linux system, but I assume the C++ portions can be easily ported to other Unix systems (even DOS/Windows, maybe?). The Phantom Security system is for use with intrusion/fire detection equipment such as motion sensors, door magnets, and smoke detectors. However, any Normally Open or Normally Closed device may work with little or no change to the code. All source code and diagrams included are free to use, to distribute, and to modify!
Phantom.Controller is to be used in a system with non-powered security devices, i.e. door magnets. Phantom.Controller2 is for systems with powered security devices, i.e. motion sensors & smoke detectors. Anyone with a basic knowledge of circuit design can mix and match from these two diagrams to mix powered & non-powered devices!
Installation:
- To compile & install Phantom.Security 1.00:
  - configure
  - make
  - make install
- The default installation directory is /home/Phantom/security. However, this can be modified in the top-level Makefile.am (if this is changed, you need to re-run aclocal, autoconf, & automake). However, both the bindir and datadir should point to the SAME directory, or else Phantom.Security won't function correctly, because it won't be able to find the Phantom.conf file.
Enhancements:
- Version 1.0!!! GNU Phantom.Security is out of Beta! I have been running Phantom.Security for months straight on my machine at work and believe it is stable enough to promote it out of Beta!
- Created HTML & PostScript versions of documentation. Available on-line.
Download (0.26MB)
Added: 2006-07-11 License: GPL (GNU General Public License) Price:
1203 downloads
Invasion 3D 1.0.2-Linux

Invasion 3D is a free multi-platform 3D arcade game, based on OpenGL and SDL and available for Windows and Linux. This fun and addictive game features...
Download (2332KB)
Added: 2009-04-17 License: Freeware Price: Free
197 downloads
Sweet System Icons for Linux -

12 freeware icons inspired by the sweet look and feel of baby rooms artwork.
Content:
CD, Computer, Documents, Favorits, Folders, Home
Download (287KB)
Added: 2009-03-31 License: Freeware Price:
206 downloads
Firewall Tester 1.0

The Firewall Tester (FTester) is a tool designed for testing firewall filtering policies and Intrusion Detection System (IDS) capabilities. The tool consists of two Perl scripts, a packet injector (ftest) and a listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part, while the sniffer listens for such marked packets. Both scripts write a log file in the same format. If the two scripts are run on hosts placed on two different sides of a firewall, a diff of the two files produced (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer due to filtering rules. Stateful inspection firewalls are handled with the connection spoofing option. A script called freport is also available for automatically writing to log files.
Of course this is not an automated process; ftest.conf must be crafted for every different situation. Examples and rules are included in the attached configuration file.
The IDS (Intrusion Detection System) testing feature can be used either with ftest only or with the additional support of ftestd for handling stateful inspection IDS; ftest can also use common IDS evasion techniques. Instead of using the configuration syntax, the script can currently also process a Snort rule definition file.
These two scripts were written because I was tired of doing this by hand (with packet-crafting tools and tcpdump). I know that there are at least two dozen other methods to do this, but another reason was to learn some Perl ;). I hope that you enjoy them.
Main features:
- firewall testing
- IDS testing
- simulation of real tcp connections for stateful inspection firewalls and IDS
- connection spoofing
- IP fragmentation / TCP segmentation
- IDS evasion techniques
Download (0.030MB)
Added: 2006-07-07 License: GPL (GNU General Public License) Price:
1206 downloads
Devolution Security 3.0.6

Devolution Security is a video surveillance system for Linux based systems. It supports up to 16 cameras and features unicast and multicast broadcasting, a Web interface, an X11 interface, themes, motion detection, record on motion, eight different camera layouts, camera cycling, fullscreen mode, and more. Devolution Security uses its own toolkit (dtk).
Main features:
- Up to 16 cameras
- Motion detection
- Record on motion detection
- Record up to 25 fps mpeg4 video
- Multicast live streams to local network
- Unicast to internet IP address
- Very configurable
- Themeable X11 interface
- Web based interface
Download (10MB)
Added: 2005-10-26 License: GPL (GNU General Public License) Price:
1486 downloads
EnGarde Community Edition 3.0.16

EnGarde is a secure distribution of Linux.
The Community Edition of EnGarde Secure Linux was designed to support features suitable for individuals, students, security enthusiasts, and those wishing to evaluate the level of security and ease of management available in Guardian Digital enterprise products.
EnGarde Community Edition's development is very much driven not only by requests from the community, but also by their continued participation.
The Community Edition is a dynamic, rapidly-evolving product that serves to exhibit the best-of-breed applications currently under development.
Guardian Digital enterprise products provide greater levels of support, support for more advanced hardware, more sophisticated upgrade path, and features more suitable for enterprises, including support for our other enterprise applications.
Main features:
- Simple and Secure Remote Administration
- Powerful Host Intrusion Detection
- Secure Network Services
- Built-in Support and Alerts
- Robust Network Intrusion Detection
- Quick and Secure Web, DNS, email, FTP
- Network Gateway Firewall
- Monitor System Access
- Protect Against Data Loss
- Security Control Center
- Engineered to be Secure
- Significantly Reduces Support Costs
Download (574MB)
Added: 2007-08-08 License: GPL (GNU General Public License) Price:
808 downloads
LEAF Bering-uClibc 3.1 Beta 1

LEAF Bering-uClibc is a secure, feature-rich, customizable embedded Linux appliance for use in a variety of network topologies.
LEAF Bering-uClibc is the successor of the Bering distribution. By replacing glibc with uClibc, a significantly smaller distribution is possible. All packages are IPv6-ready and based on the latest sources. It also provides new and enhanced package management.
LEAF Bering-uClibc is available for download as a single-floppy-based firewall or as an ISO image. Additionally, booting from HD, CF or a USB device is supported.
The floppy image supports DHCP, PPP and PPPoE connections out of the box and suits a SOHO network demanding a stable and secure router/Internet connection. Secure remote administration is available with dropbear, a small sshd replacement.
Using the ISO image, or a USB/CF/HD boot device, you can add about 150 packages to extend LEAF Bering-uClibc with capabilities like SNMP, 6wall (a Shorewall-like IPv6 firewall setup utility), VPN, Intrusion Detection, Traffic Accounting, Quagga Routing Suite, bandwidth management and wireless connections, just to name a few.
What's New in 3.0.2 Stable Release:
- This release provides a minor fix for the config/package system and updates for dnsmasq, dropbear, and shorewall.
Download (0.42MB)
Added: 2007-03-23 License: MIT/X Consortium License Price:
947 downloads
SIDEN 0.1.0

SIDEN is a distributed network discovery tool used for intrusion detection research. The current SIDEN architecture allows you to simulate coordinated/distributed network probes by a group of attackers.

SIDEN has been tested successfully on the OpenBSD and FreeBSD operating systems. If you try SIDEN and it works on any other platform, please contact me. Yes, it sounds interesting that I haven't even tested it out on the popular Linux platform. There should be little reason why it won't work on other platforms (especially UNIX variants), since it's fully implemented in Perl.

Download (0.020MB)
Added: 2006-07-08 License: GPL (GNU General Public License) Price:
1203 downloads
Libnids 1.22

Libnids is an implementation of an E-component of Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x. Libnids offers IP defragmentation, TCP stream assembly and TCP port scan detection.
The most valuable feature of libnids is reliability. A number of tests were conducted, which proved that libnids predicts behaviour of protected Linux hosts as closely as possible.
Libnids is highly configurable at run time and offers a convenient interface. Currently it compiles on Linux, *BSD and Solaris. A WIN32 port is maintained separately.
Using libnids, one has convenient access to the data carried by a TCP stream, no matter how artfully obscured by an attacker.
Enhancements:
- in TCP stream, the byte with absolute offset 0 was treated as urgent data; fixed
- DLT_IEEE802_11_RADIO handling
- added a few missing checks for failed malloc
Download (0.14MB)
Added: 2007-07-22 License: GPL (GNU General Public License) Price:
832 downloads