Snort - Network Intrusion Prevention and Detection System

•    C

---

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Snort can perform protocol analysis and content searching/matching. It can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

intrusion-detection intrusion-prevention network attack port-scanner packet-capture

fail2ban - Daemon to ban hosts that cause multiple authentication errors

•    Python

---

Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easy to configure to read any log file you choose, for any error you choose. Though Fail2Ban is able to reduce the rate of incorrect authentications attempts, it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.

security intrusion-prevention fail2ban bsd gplv2 ban-hosts intrusion-detection ids ips anti-bot attack-prevention

DCEPT - A tool for deploying and detecting use of Active Directory honeytokens

•    Python

---

DCEPT (Domain Controller Enticing Password Tripwire) is a honeytoken-based tripwire for Microsoft Active Directory. Honeytokens are pieces of information intentionally littered on system so they can be discovered by an intruder. The honeytokens are credentials that would only be known by a someone extracting them from memory. A logon attempt using these faux credentials would mean someone was inside the network and is attempting privilege escalation to domain administrator.

intrusion-prevention security threat-detection vulnerability tool

Bro - Network Security Monitor

•    C++

---

Bro is a powerful network analysis framework that is much different from the typical intrusion detection system you may know. Bro provides a comprehensive platform for more general network traffic analysis as well.

intrusion-detection intrusion-prevention ids network-analyzer monitoring packet-capture

pig - A Linux packet crafting tool.

•    C

---

Pig (which can be understood as Packet intruder generator) is a Linux packet crafting tool. You can use Pig to test your IDS/IPS among other stuff.Pig brings a bunch of well-known attack signatures ready to be used and you can expand this collection with more specific things according to your requirements.

packet-crafting networking hacking-tool intrusion-prevention forensics network-analysis network-security-monitoring denial-of-service hacking network-protocols network-test arp-spoofing

vallumd - Centralize or distribute IPset blacklists

•    C

---

This program allows you to centralize and distribute IP blacklists. If you maintain a server on the Internet, it's very likely you encountered one or more brute force attacks. Not a problem, just install fail2ban. Done.

intrusion-prevention ipset ips blacklist fail2ban ban-hosts

weakforced - Anti-Abuse for servers at authentication time

•    C++

---

The goal of 'wforce' is to detect brute forcing of passwords across many servers, services and instances. In order to support the real world, brute force detection policy can be tailored to deal with "bulk, but legitimate" users of your service, as well as botnet-wide slowscans of passwords. The aim is to support the largest of installations, providing services to hundreds of millions of users. The current version of weakforced is not quite there yet, although it certainly scales to support up to ten million users, if not more. The limiting factor is number of logins per second at peak.

security intrusion-prevention intrusion-detection gplv3 c-plus-plus anti-bot attack-prevention