Intrusion Detection System: The Complete Documentation
- This category contains 27 Tools
- The last tool was added on 2007-02-12 (YYYY-MM-DD)
- Use the Source Lucie!!! >:)
Aanval Intrusion Detection Console -v1.53
Published on 2004-12-14 - by creator, ©Remote Assessment.
The Aanval Intrusion Detection Console / System is the industry's newest advanced intrusion detection console. Currently supporting Snort and syslog, Aanval provides dynamic monitoring, comprehensive reporting and powerful alerting capabilities. Aanval supports multiple sensors of multiple intrusion detection system types. Aanval's web-browser interface uses live auto-updating technology, which provides real-time event viewing from any Internet-connected web browser.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/openaanval-1.53-stable.tar.gz
- Home: http://www.aanval.com/
- License: ©copyright
- MD5SUM: 5d2da3ac491cdd598b08feb07db7eb93
- Platform(s): Linux
ACID -v0.9.6b23
Published on 2003-08-01 - by Roman Danyliw, ©Roman Danyliw.
The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools.
- Changelog: http://acidlab.sourceforge.net/CHANGELOG
- Download: http://www.l0t3k.net/tools/IDS/acid-0.9.6b23.tar.gz
- Home: http://acidlab.sourceforge.net/
- License: GNU General Public License
- MD5SUM: d8c49614393fa05ac140de349f57e438
- Platform(s): Linux
BASE - Basic Analysis and Security Engine -v1.0.2
Published on 2005-02-13 - by Kevin Johnson, ©Basic Analysis and Security Engine.
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system. BASE is a web interface to perform analysis of intrusions that snort has detected on your network. It uses a user authentication and role-based system, so that you as the security admin can decide what and how much information each user can see. It also has a simple to use, web-based setup program for people not comfortable with editing files directly.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/base-1.0.2.tar.gz
- Home: http://base.secureideas.net/
- License: GNU General Public License
- MD5SUM: 579378300f88d3076d645f26c30b7ec4
- Platform(s):
FLoP - Fast Logging Project for Snort -v1.4.1
Published on 2005 - by Dirk Geschke, ©Dirk Geschke.
This project uses a modified unix domain socket output plugin of the network intrusion detection system snort. The alerts generated by snort are read from the unix domain socket by another process called sockserv. This process reads from a socket and sends the alerts via TCP to a central server. On the central server a program called servsock reads this data and writes it via a unix domain socket to a database.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/FLoP-1.4.1.tar.gz
- Home: http://www.geschke-online.de/FLoP/
- License: GNU General Public License
- MD5SUM: 2e33c55685182751c21622e91320b506
- Platform(s): Linux
idsa -v0.96.2
Published on - by Marc Welz, ©University of Cape Town.
Idsa is primarily a misuse detection system: As it processes access control requests from applications, it is well placed to discover access requests which are indications of hostile activity.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/idsa-0.96.2.tar.gz
- Home: http://jade.cs.uct.ac.za/idsa/
- License: GNU General Public License
- MD5SUM: 75cd0fdd39c8d124f0c30cf6f0456cbe
- Platform(s):
IDSwakeup -v1.0
Published on 2002-10-23 - by Stéphane Aubert, ©Hervé Schauer Consultants.
IDSwakeup is a collection of tools that allows testing of network intrusion detection systems. The main goal of IDSwakeup is to generate false attacks that mimic well-known ones, in order to see whether the NIDS detects them and generates false positives.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/IDSwakeup-1.0.tgz
- Home: http://www.hsc.fr/ressources/outils/idswakeup/index.html.en
- License: BSD-style license
- MD5SUM: 2d08d297fcd9b484c49674f6600c1249
- Platform(s):
ImSafe -v0.2.2
Published on 2001-02-21 - by Laurent Eschenauer, ©Laurent Eschenauer.
ImSafe is a host-based intrusion detection tool for Linux. It performs anomaly detection at the process level and tries to detect various types of attacks. What is great about ImSafe is that the system doesn't know anything about the attacks and thus can detect unknown, unpublished attacks or any other form of malicious use of the monitored application. It performs quite well when monitoring usual services like an FTP server, a telnet daemon, etc.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/imsafe-0.2.2.tar.gz
- Home:
- License: GNU General Public License
- MD5SUM: 32073af7bb0b9fdef6589ca2839aac18
- Platform(s): Linux
LIDS -v1.2.0-2.4.25
Published on 2003-06-15 - by Xie Huagang and Philippe Biondi, ©LIDS.
LIDS is an enhancement for the Linux kernel written by Xie Huagang and Philippe Biondi. It implements several security features that are not in the Linux kernel natively. Some of these include: mandatory access controls (MAC), a port scan detector, file protection (even from root), and process protection.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/lids-1.2.0-2.4.25.tar.gz
- Home: http://www.lids.org/
- License: GNU General Public License
- MD5SUM: 015d84e0bde5457e4e0f0293e6f86f40
- Platform(s): Linux
MIDAS -v2.2f
Published on 2004-02-21 - by Jason Sessler, ©Jason Sessler.
MIDAS is a cross platform Monitoring and NIDS server. The goal of this project is to build a robust and complete network/system monitoring suite that is capable of scaling to very large networks.
- Changelog: http://midas-nms.sourceforge.net/downloads/CHANGELOG.txt
- Download: http://www.l0t3k.net/tools/IDS/MIDAS-2.2f.tar.gz
- Home: http://midas-nms.sourceforge.net/
- License: MIT License
- MD5SUM: ff8752c914dd23a25bc9bc094aab2c38
- Platform(s):
Mucus -v1.1
Published on 2004 - by D. Mutz, G. Vigna, R. Kemmerer, ©D. Mutz, G. Vigna, R. Kemmerer.
Signature-based intrusion detection systems use a set of attack descriptions to analyze event streams, looking for evidence of malicious behavior. If the signatures are expressed in a well-defined language, it is possible to analyze the attack signatures and automatically generate events or series of events that conform to the attack descriptions. This approach has been used in tools whose goal is to force intrusion detection systems to generate a large number of detection alerts. The resulting "alert storm" is used to desensitize intrusion detection system administrators and hide attacks in the event stream. We apply a similar technique to perform testing of intrusion detection systems. Signatures from one intrusion detection system are used as input to an event stream generator that produces randomized synthetic events that match the input signatures. The resulting event stream is then fed to a number of different intrusion detection systems and the results are analyzed. Mucus-1 is our first Mucus prototype traffic generation tool, designed to test network IDSs against traffic corresponding to Snort rules. Below, source code and Linux binary versions of Mucus-1 are available for download.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/mucus-1.1.tar.gz
- Home: http://www.cs.ucsb.edu/~rsg/Mucus/
- License: GNU General Public License
- MD5SUM: 3eb081c2dddb72418f01eee7a3f403f7
- Platform(s):
Oinkmaster -v1.1
Published on 2004-10-09 - by Andreas Östling, ©Andreas Östling.
Oinkmaster is a simple Perl script to update and manage Snort signatures.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/oinkmaster-1.1.tar.gz
- Home: http://oinkmaster.sourceforge.net/
- License: BSD License
- MD5SUM: 28cfaf6220f5fc3fa3f3838ea33cecf1
- Platform(s):
Pads - Passive Asset Detection System -v1.1.3
Published on 2004-10-01 - by Matt Shelton, ©Matt Shelton.
Pads is a signature based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/pads-1.1.3.tar.gz
- Home: http://passive.sourceforge.net/
- License: GNU General Public License
- MD5SUM: 659063d820ebea77f64aaab28df7e806
- Platform(s): BSD, Linux
Placid (Phil Loathes ACID) -v2.0.5
Published on 2004 - by Phil Deneault, ©Phil Deneault.
Placid (Phil Loathes ACID) was created as a replacement for CMU's ACID. ACID was too big, too slow, and had too many requirements for me. So I rewrote almost the entire thing (as well as added a few new features) using Python.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/placid-2.0.5.tar.gz
- Home: http://speakeasy.wpi.edu/placid/
- License: GNU General Public License
- MD5SUM: a3653eec44cd2c539a0c979f13f2113f
- Platform(s):
SAM - Snort Alert Monitor -v20050201
Published on 2005-02-01 - by Sam Freiberg, ©Sam Freiberg.
SAM is a program to monitor (in real-time) the number of alerts generated by Snort. Having recently set up Snort and ACID I felt like there was something missing. Snort was great for identifying suspicious traffic and ACID was great for digging into the details but I needed something that was a little higher overview and able to sound alarms if certain conditions were met. For instance if I was attacked 100 times in a 5 minute period. SAM does not replace Snort or ACID but rather it complements them.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/sam_20050201_bin.zip
- Home: http://freesoftware.lookandfeel.com/sam/index.html
- License: GNU General Public License
- MD5SUM: e93c5cf817e1760c68eb01c31d462066
- Platform(s):
Sguil -v0.5.3
Published on 2004-12-07 - by Bamm Visscher, ©Bamm Visscher.
Sguil (pronounced "sgweel") is a graphical interface to snort, an open source intrusion detection system. The actual interface and GUI server are written in tcl/tk. Sguil uses other open source software including barnyard, mysql, ethereal, tcpflow, and awhois.sh. Sguil currently functions as an analysis interface and has no snort sensor or rule management capabilities. Those features are currently being worked on and will be included in a later release.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/sguil-0.5.3.tar.gz
- Home: http://sguil.sourceforge.net/
- License: Qt Public License
- MD5SUM: f14973272b5e347984afef8dd2691149
- Platform(s):
Shoki -v0.2.1
Published on - by Stephen P. Berry, ©Stephen P. Berry.
Shoki is a NIDS intended to be simple, modular, and flexible.
- Changelog:
- Download: http://l0t3k.net/tools/IDS/shoki-0.2.1.tar.gz
- Home:
- License: BSD License
- MD5SUM: e8c762b36cd208999f6e707e33112458
- Platform(s):
SID - Shell/PTY Intrusion Detection -v0.4.1
Published on 2005-02-06 - by Harald Deppeler, ©Harald Deppeler.
Shell/PTY Intrusion Detection: aims at detecting unwanted PTY action on UNIX systems. SID-IDS is a Host Intrusion Detection System. It consists of a kernel part and a user part. The kernel part plugs into the terminal processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes) and takes appropriate action upon finding unexpected log entries.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/sid-0.4.1.tar.gz
- Home: http://sid.sourceforge.net/
- License: GNU General Public License
- MD5SUM: 727dab87560a8f57a1f2d21b140a6e1a
- Platform(s): Linux, SunOS/Solaris
Snort -v2.30
Published on 2005-01-25 - by Martin Roesch, ©Martin Roesch.
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/snort-2.3.0.tar.gz
- Home: http://www.snort.org/
- License: GNU General Public License
- MD5SUM: 89cdc22af9516cbafc359b452819947e
- Platform(s): Linux, OpenBSD, FreeBSD, NetBSD, Solaris, SunOS, HP-UX, IRIX, AIX, tru64, Mac OS X, Win32.
Snort-NG -v1.8.7
Published on - by Christopher Kruegel and Thomas Toth, ©Christopher Kruegel.
Snort-NG is a patch that replaces and improves the detection engine of Snort, one of the most well-known and widely deployed network intrusion detection systems (NIDS). Our engine makes the critical operation of Snort - the decision whether a packet matches a predefined set of rules (or signatures) - faster.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/snort-ng-1.8.7.tar.gz
- Home:
- License: GNU General Public License
- MD5SUM: 5b94f4ab322857e95ad6f4f6c84693fe
- Platform(s):
Snortalog -v2.3.0b
Published on 2004-09-06 - by Jérémy Chartier, ©Jérémy Chartier.
Snortalog is a powerful Perl script that summarizes Snort logs, giving an easy view of which attacks are being seen on your network.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/snortalog_v2.3.0b.tgz
- Home: http://jeremy.chartier.free.fr/snortalog/
- License: GNU General Public License
- MD5SUM: fb06e8471ded78d8a7b31cdabb8b2169
- Platform(s):
Snorter -v2.1
Published on 2004 - by Jean-Philippe Guillemin, ©Jean-Philippe Guillemin.
SNORTER is an HTML reporting tool for the network intrusion detection system SNORT (http://www.snort.org/). SNORTER connects to the MySQL DBMS and queries it for events generated by SNORT or any other device using the SNORT-DB format. See the tool LOGSNORTER at
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/snorter-2.1.tar.gz
- Home: http://shweps.free.fr/wiki/wakka.php?wiki=SnorTer
- License: GNU General Public License
- MD5SUM:
- Platform(s):
SnortSam -
Published on 2004-05-12 - by Frank Knobbe, ©Frank Knobbe.
SnortSam (the agent) can be obtained via HTTP (by clicking the links) or FTP. You can also get the source code from FTP or from the CVS Repository (further below). In addition, a patch file is available to simplify the addition of the SnortSam plugin into Snort.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/snortsam-src-2.29.tar.gz
- Home: http://www.snortsam.net/
- License: GNU General Public License
- MD5SUM: 1808cb8246eccde3ed2cf3a7f592f8d3
- Platform(s): Linux, Solaris, Windows
SnortSnarf -v021111.1
Published on - by James Hoagland, ©Silicon Defense.
SnortSnarf is a Perl program to take files or databases of alerts from the free Snort Intrusion Detection System, and produce HTML output intended for diagnostic inspection and tracking down problems. The model is that one is using a cron job or similar to produce a daily/hourly/whatever file of Snort alerts. This script can be run on each such file to produce a convenient HTML breakout of all the alerts.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/SnortSnarf-021111.1.tar.gz
- Home:
- License:
- MD5SUM: 74eb59a60f859af8c74a816c346c67cc
- Platform(s): UNIX
snort_inline -v2.0.2
Published on 2003-10-24 - by Rob McMillen, ©Rob McMillen.
snort_inline is basically a modified version of Snort. It accepts packets from iptables, via libipq, instead of libpcap. It then uses new rule types to tell iptables if the packet should be dropped or allowed to pass based on the snort rule set.
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/snort_inline-2.0.2.tgz
- Home:
- License: GNU General Public License
- MD5SUM: 93a459d513bb44c19f1f2d193bfa5b68
- Platform(s):
Snot -v0.92a
Published on - by Sniphs, ©Sniphs.
Triggers Snort alerts, taking a Snort rules file as input. Use to decoy your local IDS admin, or just annoy people in general. This version now allows for non-randomised payloads, to inflict more hurt on the dumber IDSes.
- Changelog:
- Download: http://www.l0t3k.org/tools/IDS/snot-0.92a.tar.gz
- Home:
- License:
- MD5SUM:
- Platform(s):
Tamandua -v2.0.0
Published on - by Gustavo Scotti, ©Tamandua Laboratories.
Tamandua Laboratories is proud to announce the first public non-beta release of the Tamandua Network Intrusion Detection System. Install the software, read the manual, compare it! We are pretty confident Tamandua is one of the best Network-based IDS available today!
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/tamandua-2.0.0.tar.gz
- Home:
- License:
- MD5SUM: 5251280d75b9f8eceb85044e75cf7259
- Platform(s): UNIX
wIDSard -v0.1
Published on - by Stefano Frassi, ©Stefano Frassi.
wIDSard is a host-based Intrusion Detection System for the i386 Linux platform. It intercepts, at user level, system calls specified in a configuration file written by the user. It is based on the strace source for syscall interception. A finite-state automaton is used to trace the monitored process. The language used for the configuration file is regular-expression based. If a particular sequence of system calls is intercepted, then an appropriate action can be executed (kill the process, log, ...).
- Changelog:
- Download: http://www.l0t3k.net/tools/IDS/widsard-0.1.tar.gz
- Home:
- License:
- MD5SUM: b3b6ea301dec4bcabfdadd169e5077ff
- Platform(s): Linux