Free outbreak detection software for linux

cpdetector project is a small yet clever framework for codepage detection.

cpdetector is a small yet clever framework for codepage detection that integrates different strategies. It may be used as a library for third party software that accesses textual data over network.

It also includes a best-practice implementation in form of a command line tool that allows sorting and transforming large collections of documents based on their codepage.

Available strategies include: jchardet (exclusion, frequency analysis, and guessing), detection of the HTML charset property, and detection of the XML encoding declaration.

What is a code page?

At first, a textual document is nothing more than sequences of bits. A computer has to decide, how he can display this data in form of characters (which are identified by the computer as numbers).

A code page - which is also known as charset encoding - maps the raw data of a textual document to characters. The original ASCII code page for example only uses 7 bits of an octet (byte) for deciding the character that is represented thus allowing only to map 128 different characters. In the past memory was expensive and computers most often only had registers and busses for 8 bit.

When a mainframe was conceived it had to be decided, which characters it should support. Physicians and mathematicians for example needed special characters for equations. As a result, a computer often shipped with a special codepage.

ARPSpoofDetector performs active and passive detection of ARP spoofing and IP (IPv4) address collision. The program can send healing packets with regular ARP information.
ARPSpoofDetector is new GPL project initialized by NetMasters.CZ customers (specially 100MEGA Distribution). We didnt find suitable intrusion detection system or another applicable software to solve ARP spoofing detection and IP collision without false alarms and with easy configuration for our customers.
Main features:
- passive ARP spoofing detection from broadcast ARP reply packets
- passive IP collision detection from broadcast ARP packets and netbios packets
- active IP collision detection by sending ARP request packets
Log example:
Mon Jul 23 21:49:26 2007
Warning: IP 192.168.1.10 collision detected!
SERVER MAC address: 00:4f:ED:7C:3A:B9
ATTACKER MAC address: 00:20:38:7C:3A:CE
Attacker NETBIOS name: PERSEUS
Attacker NETBIOS group: WORKGROUP
Last attacker IP was 192.168.1.9
IP changes history:
From: Mon Jul 23 21:48:47 2007 To: Mon Jul 23 21:49:10 2007 was IP 192.168.1.3 (maybe over DHCP)
From: Mon Jul 23 21:49:10 2007 To: Mon Jul 23 21:49:26 2007 was IP 192.168.1.6 (maybe over DHCP)

PacketFence project provides interior worm mitigation and policy enforcement capabilities.
PacketFence be placed strategically throughout the enterprise to compartmentalize networks that may present a threat to valuable resources: VPN concentrators, client and guest networks, extranet connectivity points, etc.
PacketFence is designed to operate in heterogeneous where users are either unable or unwilling, without assistance, to secure their systems properly.
Main features:
- Open Architecture-Based on unmodified open-source components, PacketFence requires no software to be installed on client systems.
- Registration-Registration/authentication can be enforced before admission to the network is granted. Additionally successul completion of a vulnerability scan and acceptance of an AUP can also be required
- Detection-detection of worms, trojans, etc by behavorial or signature-based means
- Remediation-Context-sensitive information provided to user for self-directed remediation.

Fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998.

Fragroute features a simple ruleset language to delay, duplicate, drop, overlap, print, fragment, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour.

This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour. Please do not abuse this software.

Aldegonde is a simple and efficient media player based on the powerful GStreamer media framework.
It supports all file formats supported by GStreamer, including Ogg (Theora, Vorbis, Speex, FLAC), ASF (WMV/WMA, ...), AVI (XviD, MJPEG, DivX ...), Quicktime (MPEG-4, Sorensen, ...), MPEG (1, 2, 4) and so on.
It will also play audio-CDs, video-CDs and DVDs. The primary purpose of Aldegonde is to be a simple example application. It includes a very simple, to-the-point Gtk+ video widget for GStreamer, and it also contains code for automatic disc content detection (VCD, DVD, audio-CD).
The whole of Aldegonde is basically a test bed for features in Totem, which is the official GNOME video/media player.
Main features:
- Support for all popular media formats, including Ogg, AVI, ASF, MPEG and Quicktime.
- Automatic disc content detection. Insert an audio-CD, DVD or VCD and Aldegonde will automatically detect disc type and load the appropriate playback backend.
- Automatic size handling
- Metadata loading support
- Full-screen support

ModSecurity is an FREE and GPL lincesed software for intrusion detection and prevention engine for web applications.
Operating as an Apache Web server module, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.
Enhancements:
- This version fixes the issue with subrequests, a problem with full-width Unicode encoding, and a few other small issues.
- It also bundles the most recent version of the Core Rules (which contains many improvements over the previous version) along with the updated documentation.

Snort Report is an add-on module for the Snort Intrusion Detection System. Snort Report add-on provides realtime reporting from the MySQL database generated by Snort.

It has been tested on Redhat 6.2, 7.0, 7.1, and OpenBSD 2.9.

Daikon is an implementation of dynamic detection of likely invariants. An invariant is a property (such as "x=2*y+5" or "this.next.prev = this" or "myarray is sorted by<<less