SecTools

Sguil

Jalal Rohani — Sat, 24 Jun 2006 09:32:58 +0000

Sguil : The Analyst Console for Network Security Monitoring Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil’s main component is an intuitive GUI that provides realtime events from Snort/barnyard. It also includes other components which facilitate the practice of Network Security Monitoring and event driven analysis of IDS alerts.

These icons link to social bookmarking sites where readers can share and discover new web pages.

BASE

Jalal Rohani — Sat, 24 Jun 2006 09:28:01 +0000

BASE : The Basic Analysis and Security Engine
BASE is a PHP-based analysis engine to search and process a database of security events generated by various IDSs, firewalls, and network monitoring tools. Its features include a query-builder and search interface for finding alerts matching different patterns, a packet viewer/decoder, and charts and statistics based on time, sensor, signature, protocol, IP address, etc.

These icons link to social bookmarking sites where readers can share and discover new web pages.

Fragroute/Fragrouter

Jalal Rohani — Fri, 23 Jun 2006 20:11:42 +0000

Fragroute/Fragrouter : A network intrusion detection evasion toolkit Fragrouter is a one-way fragmenting router - IP packets get sent from the attacker to the Fragrouter, which transforms them into a fragmented data stream to forward to the victim. Many network IDS are unable or simply don’t bother to reconstruct a coherent view of the network data (via IP fragmentation and TCP stream reassembly), as discussed in this classic paper. Fragrouter helps an attacker launch IP-based attacks while avoiding detection. It is part of the NIDSbench suite of tools by Dug Song. Fragroute is a similar tool which is also by Dug Song.

These icons link to social bookmarking sites where readers can share and discover new web pages.

OSSEC HIDS

Jalal Rohani — Fri, 23 Jun 2006 19:56:13 +0000

OSSEC HIDS : An Open Source Host-based Intrusion Detection System OSSEC HIDS performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. In addition to its IDS functionality, it is commonly used as a SEM/SIM solution. Because of its powerful log analysis engine, ISPs, universities and data centers are running OSSEC HIDS to monitor and analyze their firewalls, IDSs, web servers and authentication logs.

These icons link to social bookmarking sites where readers can share and discover new web pages.

Snort

Jalal Rohani — Fri, 23 Jun 2006 13:50:01 +0000

Snort : A Everyone’s favorite open source IDS This lightweight network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.Open source Snort works fine for many individuals, small businesses, and departments. Parent company SourceFire offers a complimentary product line with more enterprise-level features and real-time rule updates. They offer a free (with registration) 5-day-delayed rules feed, and you can also find many great free rules at Bleeding Edge Snort.

These icons link to social bookmarking sites where readers can share and discover new web pages.