Network intrusion detection
AbuseHelper
AbuseHelper is toolkit for CERT and Abuse teams. It is a modular, (hopefully) scalable and robust framework to help you in your abuse handling. With Abuse Helper you can retrieve Internet Abuse Handling related information via several sources, you can then aggregate that information based on different keys, such as AS numbers or country codes and send out reports in different formats, via different transports and using different timings.
AIS Alarms
The AIS Alarms-Unix System provides network and host-based computer security event monitoring, assessment, and response. It is implemented as a collection of distributed software modules that provide active monitoring, and to a limited degree, automatic response to suspicious activities (so called "attacks") that typically indicate attempts to gain or use unauthorized access to a computer or computer network.
IOS Firewall feature set
Cisco's IOS Firewall feature set allows many standard Cisco router products to be used as stateful firewalls. This software option also provides some intrusion detection functions, with real-time alerting of attacks in progress. Extensive documentation is available from the Cisco web site.
ISS Internet Scanner
Internet Scanner performs scheduled and selective probes of communication services, operating systems, applications and routers to uncover and report systems vulnerabilities that might be open to attack.
ISS RealSecure
ISS RealSecure is a commercial firewall/IDS package, designed to provide security protection for large, complex networks. Sensors can take input from hosts or networks and report anonmalies back to a central management station.
Network Intrusion Detector (NID)
NID provides a suite of security tools that detects and analyzes network intrusions. It provides detection and analysis of intrusions from individuals not authorized to use a particular computer, and from individuals allowed to use a particular computer but who perform either unauthorized activities or activities of a suspicious nature on it. Only available to U.S. Gouvernment, so no further information provided!
snort
Snort is a network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
WinMHR (beta)
WinMHR (malware hash registry) is a tool from registered not-for-profit Team Cymru. It integrates with your Windows PC and uses Team Cymru's Malware Hash Registry to quickly find malicious files residing or running on your computer.
