Home > Computers > Security > Intrusion Detection Systems > Products and Tools > Open Source
Community-supported view of Intrusion Detection and Intrusion Prevention Systems. Focus on open source technologies, methods, and data analysis related to IDS/IPS.
http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html
Powerful PHP-based data analysis tool for network security events captured by many common IDS tools, including snort and tcpdump.
http://www.cs.tut.fi/~rammer/aide.html
AIDE is a file integrity checker that supports regular expressions. Licensed with GPL.
http://www.chkrootkit.org/
Provides an open source application to check for the presence of rootkits installed on Linux/Unix machines. Links to security-related sites.
http://sourceforge.net/projects/fail2ban/
fail2ban is a POSIX/Linux tool used to ban IP addresses that generate too many password failures. ssh, iptables, ipfwadm and ipfw are currently supported.
http://www.scaramanga.co.uk/firestorm/
Firestorm is a high-performance GPL-licensed network intrusion detection system (NIDS). Features include being fully pluggable, easily configurable, and an extremely scalable signature engine.
http://www.citi.umich.edu/u/provos/honeyd/
Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet or for network monitoring. For *BSD, GNU/Linux, and Solaris.
http://lak-ips.sourceforge.net/
A single compilation of source, binaries, scripts and whitepapers on intrusion prevention systems. The aim is to quickly establish a working IPS within minutes.
http://panoptis.sourceforge.net/
Network-IDS that detects and stops DoS/DDoS attacks by using real-time Cisco NetFlow data.
http://www.prelude-ids.org/
Distributed hybrid IDS framework that collects and aggregates event reports from available security systems and analyses them on a central system.
http://quidscor.sourceforge.net/
QuIDScor is an Open Source project demonstrating the value in correlating information between Intrusion Detection Systems (such as Snort) and vulnerability assessment and management platforms such as QualysGuard.
http://www.rootkit.nl/
Open-source GPL rootkit scanner for Unix-like systems. Scans for rootkits, trojans, backdoors and local exploits. Tests include scanning of plaintext and binary files for MD5 hash comparisons, default rootkit files, binary permissions, suspect LKM/KLD module strings, and hidden files.
http://www.ists.dartmouth.edu/projects/archives/shadow.html
Shadow is an intrusion-detection system from the Naval Surface Warfare Center that shows promise in detecting previously unknown attacks for which no known detection signatures exist.
http://slink.sourceforge.net/
sLink consists of a daemon and a suite of CGI programs which provide a web administration interface to an EDM/BOSCH Solution16 Alarm Panel.
https://www.snort.org/
A free lightweight network intrusion detection system for UNIX and Windows.
http://jeremy.chartier.free.fr/snortalog/
Perl-based log analysis tool that summarizes network security events from any native snort database format.
http://www.citi.umich.edu/u/provos/systrace/
Systrace enforces system call policies for applications by interactively constraining the application's access to the system (*BSD and Linux). Systrace is able to monitor daemons on remote machines and generate warnings at a central location.
Thanks to DMOZ, which built a great web directory for nearly two decades and freely shared it with the web.