
IDS

Posted by 리눅스 엔지니어였던 ("Former Linux engineer"), 2008. 9. 15. 18:05

Network-based IDS (NIDS)
Host-based IDS (HIDS)
Hybrid IDS
System Integrity Verifier (SIV)

Network-based IDS:

Snort: listed on a separate page because of the number of entries it has.

Bro: a less well-known but nonetheless very interesting NIDS from Vern Paxson. Bro targets "high-speed (Gbps), high-volume" intrusion detection.
  • Broccoli, the Bro Client Communications Library.
  • Brooery: a new GUI design for analyzing security relevant network activity


Shadow: One of the first freely available NIDS
The Shadow/Snort-CD by Seeker: Documentation and the ISO image are provided.

Shoki: a signature-based NIDS with a PostgreSQL backend database

Firestorm NIDS: currently a sensor-only NIDS. Claims high performance and actively tries to demonstrate its superiority over Snort and other free NIDS.

BENIDS: an experimental pcap-based NIDS with XML signature files. Supports IDMEF output.

Open Source HIDS:

SNARE (System Intrusion Analysis & Reporting Environment): adds host-based IDS and C2-style auditing to Linux.

Samhain: a distributed file integrity checker. Basically, Samhain is a System Integrity Verifier, so why not group it under SIV? Because Samhain offers far more than a simple hash database. It allows distributed file checking with a central database, runs in daemon mode and remembers previous alerts, so it will not raise the same alert again. On Linux and FreeBSD systems Samhain detects LKM (loadable kernel module) rootkits. With the web-based console Beltane it is easy to update the signature database on the central server and to monitor the change logs.

OsHIDS: an open source log analysis tool

M-ICE (Modular Intrusion Detection and Countermeasure Environment)

Open Source Hybrid IDS:

Prelude: combines host-based and network-based IDS in one system. While it is a relatively young system, it seems to be evolving quite nicely. In my opinion a very promising project. See also Prelude's new honeyd patch.

Open Source System Integrity Verifiers:

Tripwire: the well-known commercial system has a somewhat old open source sibling

AIDE (Advanced Intrusion Detection Environment): a Tripwire replacement

Samhain: see above

Intrusion Prevention:

Inline-Snort: a patch for Snort which enables it to drop or modify network packets

Hogwash: an IPS which was formerly based on Snort. The new H2 engine will replace the Snort engine. (No longer seems to be actively maintained.)

Miscellaneous Tools:

fragroute: an attack router that implements the NIDS evasion techniques from the famous Ptacek/Newsham paper "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection".

NADS (Normalized Attack Detection System): a C library to normalize HTTP URLs (currently proof-of-concept code)

IDABench: a pluggable framework for intrusion analysis, based on SHADOW

tcpreplay: a tool to replay saved tcpdump files at arbitrary speeds

===================================

Source: http://blog.naver.com/jabusunin/30001675021