Snort is an open source network intrusion prevention and
detection system (IDS/IPS) developed by Sourcefire.
Combining the benefits of signature-, protocol-, and anomaly-based
inspection, Snort is the most widely deployed IDS/IPS technology
worldwide. With millions of downloads and nearly 400,000 registered
users, Snort has become the de facto standard for IPS.
BASE (Basic Analysis and Security Engine) is based on the code
from the Analysis Console for Intrusion Databases (ACID) project. It
provides a web front-end to query and analyze the alerts coming from
a Snort IDS, so that intrusions Snort has detected on your network can
be examined in one place. It uses a user authentication and role-based
system, so that you as the security admin can decide what and how much
information each user can see. It also has a simple-to-use, web-based
setup program for people not comfortable with editing files directly.
OSSEC is an open source host-based intrusion detection system (HIDS)
that performs log analysis, file integrity checking, policy monitoring,
rootkit detection, real-time alerting and active response.
It runs on most operating systems, including Linux, macOS, Solaris, HP-UX, AIX and Windows.
Suricata is a high-performance network IDS, IPS and network security
monitoring (NSM) engine. It is open source and owned by a community-run
non-profit foundation, the Open Information Security Foundation (OISF).
Suricata is developed by the OISF and its supporting vendors.
The Open Information Security Foundation (OISF) is a non-profit foundation
organized to build a next-generation IDS/IPS engine. The OISF has formed
a multi-national group of leading software developers in the security
industry. In addition to developers and a consortium of leading cyber
security companies, the OISF has engaged the open source security
community to identify current and future IDS/IPS needs.
Prelude is a universal Security Information and Event Management
(SIEM) system. Prelude collects, normalizes, sorts, aggregates,
correlates and reports all security-related events independently of the
product brand or license giving rise to those events; Prelude is
"agentless".
As well as being capable of collecting any type of log (system logs,
syslog, flat files, etc.), Prelude has native support for a number of
systems that enrich the information even further (Snort, Samhain,
OSSEC, auditd, etc.).
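Both BASE (a front-end that queries Snort's alerts) and Prelude (which normalizes and correlates events from several sensors) start from the same step: turning each sensor's native alert format into one common record. The Python example below is added here to show that step; it is not code from BASE, Prelude or Snort. It parses Snort's "fast" alert output and traditional syslog lines into a single event schema, then aggregates by signature (the per-signature summary BASE shows) and flags source addresses reported by more than one sensor (the cross-source correlation a SIEM performs). The sample lines, the local-range signature IDs (1000000+), the `Event` schema and the severity mapping for syslog are all constructed for the example, and the address patterns cover IPv4 only.

```python
"""Normalize Snort 'fast' alerts and syslog lines into one event schema and
correlate them by source address. Added example for this page; not code from
BASE, Prelude or Snort. All sample lines below are constructed."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Event:
    """Common schema shared by every sensor (this example's own, not IDMEF)."""
    source: str            # sensor that produced it: "snort" or "syslog"
    timestamp: str         # kept as the sensor's own string, not converted
    severity: int          # 1 = highest, following Snort's priority scale
    src_ip: Optional[str]
    dst_ip: Optional[str]  # for syslog, the reporting host
    message: str


# Snort "fast" output: timestamp [**] [gid:sid:rev] msg [**] [Classification: c]
# [Priority: p] {proto} src:port -> dst:port  (ports absent for ICMP; IPv4 only here)
SNORT_FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d(?:/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s*$"
)

# Traditional BSD syslog line: "Mon DD HH:MM:SS host prog[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"(?P<prog>[^\[\s:]+)(?:\[\d+\])?:\s+(?P<msg>.*)$"
)
SYSLOG_SRC_RE = re.compile(r"\bfrom\s+(\d+\.\d+\.\d+\.\d+)\b")


def parse_snort_fast(line: str) -> Optional[Event]:
    m = SNORT_FAST_RE.match(line)
    if not m:
        return None
    return Event("snort", m["ts"], int(m["prio"]), m["src"], m["dst"],
                 f"[{m['gid']}:{m['sid']}:{m['rev']}] {m['msg']}")


def parse_syslog(line: str) -> Optional[Event]:
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    src = SYSLOG_SRC_RE.search(m["msg"])
    # Syslog carries no Snort-style priority; this mapping is the example's own.
    severity = 2 if "Failed password" in m["msg"] else 3
    return Event("syslog", m["ts"], severity, src.group(1) if src else None,
                 m["host"], f"{m['prog']}: {m['msg']}")


def normalize(lines: List[str]) -> List[Event]:
    """Try each parser in turn; lines matching no known format are dropped."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = parse_snort_fast(line) or parse_syslog(line)
        if ev is not None:
            events.append(ev)
    return events


def aggregate_by_signature(events: List[Event], n: int = 3):
    """Top-n messages by count: the per-signature summary a console like BASE shows."""
    return Counter(ev.message for ev in events).most_common(n)


def correlate_by_source_ip(events: List[Event]):
    """Source addresses reported by more than one sensor, with the sensors that
    saw them. A network alert and a host log about the same peer is the basic
    cross-source correlation a SIEM front-end surfaces."""
    seen = defaultdict(set)
    for ev in events:
        if ev.src_ip:
            seen[ev.src_ip].add(ev.source)
    return {ip: sorted(s) for ip, s in seen.items() if len(s) > 1}


# Constructed sample input: Snort fast alerts with local-range SIDs plus sshd syslog.
SAMPLE_LINES = [
    "08/10-14:00:01.123456  [**] [1:1000002:1] LOCAL id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.10:54321",
    "08/10-14:00:02.000001  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51234 -> 192.168.1.20:22",
    "08/10-14:00:02.500000  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51235 -> 192.168.1.20:22",
    "08/10-14:00:04.000000  [**] [1:1000003:1] LOCAL ICMP PING [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.30 -> 192.168.1.20",
    "Aug 10 14:00:03 web01 sshd[2412]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "Aug 10 14:00:05 web01 sshd[2413]: Accepted publickey for deploy from 192.168.1.40 port 44100 ssh2",
    "this line is in neither format and is skipped",
]

if __name__ == "__main__":
    evs = normalize(SAMPLE_LINES)
    print(f"{len(evs)} events normalized")
    for msg, count in aggregate_by_signature(evs):
        print(f"{count:3d}  {msg}")
    for ip, sensors in correlate_by_source_ip(evs).items():
        print(f"{ip} seen by {', '.join(sensors)}")
```

Run as-is it reads the constructed lines; point `normalize()` at the lines of a real `alert` file and `/var/log/auth.log` to try it on live data. The unknown-format line is dropped rather than raising, which is the behaviour you want from a collector that must keep running when a sensor changes its output.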
EasyIDS is an easy-to-install intrusion detection system distribution
based on Snort. It is designed for the network security beginner with
minimal Linux experience and includes CentOS Linux, Snort, Barnyard,
MySQL, BASE, ntop, arpwatch, and more. EasyIDS takes the pain and
frustration out of deploying an intrusion detection system: it can
convert almost any industry-standard x86 computer into a fully
functioning IDS in as little as 15 minutes, lowering deployment and
maintenance costs for network security without compromising
functionality or performance.
The Sentry tools (PortSentry, Logcheck/LogSentry, and HostSentry)
provide host-level security services for the Unix platform: they
protect against port scans, automate log file auditing, and detect
suspicious login activity on a continuous basis.
A lightweight, ready-to-run IDS/IPS (Intrusion Detection/Prevention
System) Linux distribution based on Debian 7 (wheezy), available for
32- and 64-bit architectures. The distribution includes the latest
versions of Snorby, Snort, Suricata, PulledPork and Pigsty. An easy
setup process allows a complete IDS/IPS system to be deployed within
minutes, even by security beginners with minimal Linux experience.
Topera is a new TCP port scanner for IPv6, with the particularity that
its scans are not detected by Snort. Snort is the best-known IDS/IPS and
is widely used in many critical environments; some commercial products
(Juniper and Check Point ones, for example) also use it as their
detection engine. Evading Snort's detection capabilities could therefore
pose a high risk in some cases.
We keep researching the security implications that the "new" IPv6 protocol will have in different environments.
Recent changes: get local IPv6 address, get local Ethernet interface, sniffer packet counter, and some minor fixes.