Category: Intrusion Detection

Mar 05 2011

PacketFence – Open Source Network Access Control (NAC) System

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system.

Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, integration with the Snort IDS and the Nessus vulnerability scanner; PacketFence can be used to effectively secure networks – from small to very large heterogeneous networks.

What you can do with PacketFence :
PacketFence

  • Block iPods wireless access
  • Forbid rogue access points
  • Perform compliance checks
  • Eliminate Peer-to-Peer traffic
  • Provide guest access
  • Simplify VLAN management

Download: packetfence-2.1.0.tar.gz

Jan 24 2011

Mausezahn – fast traffic generator

Mausezahn is a free fast traffic generator written in C which allows you to send nearly every possible and impossible packet. It is mainly used to test VoIP or multicast networks but also for security audits to check whether your systems are hardened enough for specific attacks.

Mausezahn can be used for example:

  • As traffic generator (e. g. to stress multicast networks)
  • To precisely measure jitter (delay variations) between two hosts (e. g. for VoIP-SLA verification)
  • As didactical tool during a datacom lecture or for lab exercises
  • For penetration testing of firewalls and IDS
  • For DoS attacks on networks (for audit purposes of course)
  • To find bugs in network software or appliances
  • For reconnaissance attacks using ping sweeps and port scans
  • To test network behaviour under strange circumstances (stress test, malformed packets, …)

…and more. Mausezahn is basically a versatile packet creation tool on the command line with a simple syntax and context help. It could also be used within (bash-) scripts to perform combination of tests.

Currently Mausezahn is only available for Linux platforms.

As of version 0.38, Mausezahn supports the following protocols:

  • ARP
  • BPDU or PVST
  • CDP
  • LLDP
  • IP
  • IGMP
  • UDP
  • TCP (stateless)
  • ICMP (partly)
  • DNS
  • RTP optionally RX-mode for jitter measurements
  • Syslog

Download: mz-0.40.tar.gz

Oct 09 2009

Samhain – Host-Based Intrusion Detection System

The Samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.

It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone application on a single host.

Samhain is a multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).

Features:

  • PCI DSS Compliance
  • File integrity checks
  • Host integrity monitoring
  • Logfile monitoring/analysis
  • Log facilities
  • Integration with other systems / Active response

Download: Samhain Version 2.5.9c

Aug 28 2009

TrafScrambler – Anti-Sniffer

Trafscrambler is an anti-sniffer/IDS LKM(Network Kernel Extension) for OSX, licensed under BSD.

Features:

  • Injection of packets with bogus data and with randomly selected bad TCP cksum or bad TCP sequences
  • Userland binary(tsctrl) for controlling trafscrambler NKE
  • SYN decoy – sends out number of SYN pkts before the original SYN pkt
  • TCP reset attack – sends out RST/FIN pkt with bad sequence
  • Pre-connection SYN – sends out SYN with wrong TCP-checksum
  • Post-connection SYN – sends out fake SYN after connection establishment
  • Zero Window – send out pkt with “0” window set

Latest Release: trafscrambler-0.2.tgz

Read More: TrafScrambler

Dec 25 2008

Firekeeper – IDS For Firefox

FireKeeper

Firekeeper is an Intrusion Detection and Prevention System for Firefox.
It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts.
Rules can also be used to effectively filter different kinds of unwanted content.

Features :
* Ability to scan HTTP(S) request URL, response headers and body, and to cancel processing of suspicious requests
* Encrypted and compressed responses are scanned after decryption/decompression
* Privacy friendly – no data is send to external servers, all scanning is done on the local computer
* Very fast pattern matching algorithm (taken directly from Snort).
* Interactive, verbose alerts that give an ability to choose a response to detected attack attempt.
* A detailed view of suspicious response headers and body
* Event logging
* Ability to use any number of files with rules and to automatically load files from remote locations

Download :
http://firekeeper.mozdev.org/