Open source intruder detection software

Anybody have a suggestion for a good open-source intruder detection software?
Asked by: neisner
 
chris_calabrese Commented:
I don't know too much about Imperva, but it looks like maybe a combination of a network-layer Intrusion Prevention System (IPS) with an application-layer one. This is not entirely different from what CheckPoint's trying to do in their Proventia appliances or in the Application Security modules of their firewall product.

In the open-source world, you could combine a network IPS like Snort-inline with Apache with the Security module and the proxy module to build something similar.
 
neisner (Author) Commented:
I'm looking for something besides Snort, by the way...
 
FalconHawk Commented:
http://sourceforge.net/softwaremap/trove_list.php?form_cat=43

Here are 1413 projects for security, all open source.
To get intrusion detection, just type "Intrusion detection" and check the "require all words" box.
 
ahoffmann Commented:
Do you mean any kind of firewall or IDS/IPS or forensic tools?
 
FalconHawk Commented:
I think the intrusion detection he means is against people hacking you.
 
Tolomir (Administrator) Commented:
This is at least freeware:

http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

RootkitRevealer is an advanced patent-pending root kit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.  RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys)....

Tolomir
 
neisner (Author) Commented:
To narrow down a little more, I need something that is anomaly-based as opposed to signature-based...
 
Tolomir (Administrator) Commented:
The RootkitRevealer reveals files that are hidden by special file permissions, not signatures.

In combination with a decent spyware detector like Spybot Search & Destroy you should be on the safe side.

Tolomir
 
ahoffmann Commented:
Do you mean something like http://www.imperva.com/ ?
 
neisner (Author) Commented:
Actually ahoffmann, that is exactly what I'm looking for... except I am hoping to find something open-source... free is good... :)
 
ahoffmann Commented:
Hmm, AFAIK Imperva is alone with this approach so far ...
Keep in mind that this product covers everything from network to application level and also some heuristic methods to combine information gathered at different levels.
 
ahoffmann Commented:
Chris, this product combines a classical network firewall (aka packet filter) and an application-level firewall (aka web application firewall, aka adaptive proxy, aka web shield) with IDS, becoming an IPS then. All alerts/events go to a database, and the final decision whether a packet is delivered depends on the statistics in the database, depending on some rules.
It's not a classical packet filter, 'cause it knows about the context of each packet,
nor is it an application-level firewall, 'cause it behaves like a filter and is not a proxy like all others (AppShield, InterDo, etc.),
and it is not an IPS like others, 'cause it does not need to change rules somewhere else.
The only thing I am anxious about is its "learning mode": there is no setup, hence you (as admin) don't know what really happens, and why. Something suspicious ...

Let's see if other experts know of similar products ...
 
chris_calabrese Commented:
Yeah, and it makes your toast and coffee in the morning too...
 
ahoffmann Commented:
Hey, I just gave this link to see if its functionality is something the questioner has in mind ..
Besides its claimed functionality, it has an interesting approach to doing things.
If I get one to check, I'll see if it "learns" (as it claims: learns everything, even the future ones) to make coffee or beer
:-D
 
neisner (Author) Commented:
Thanks for the suggestions guys... I'm sold on the Imperva device as soon as I can see it make beer... :)
 
ahoffmann Commented:
Yeah, let me know :~)