Port Scan Attack Detector (psad) is a Perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels, psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (SYN, FIN, Xmas) which are easily leveraged against a machine via nmap.
9ba6d0c125e870c4eda1642bae0f28af0527e3dfe0b9212abe5bf2c96aedad3a
Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and pluggable at almost every point.
8e8b5c43e13c843370f225ff1003f6b0f2483791e95265a9dc7a0a465faa5d17
IPA is highly configurable IP accounting software for FreeBSD and OpenBSD. It performs IP accounting based on IP Firewall and/or IP Filter accounting rules. In most cases the IP Accounting Daemon is run on public servers, software routers, etc. It uses powerful IP Firewall and/or IP Filter accounting rules and, based on its configuration, removes the need to write scripts to manage network accounting.
efeb5c499117e2738b81d6d4ce4aa65956a42f706b6e7382c736999fc4867272
Snort-rep is a Snort reporting tool that can produce text or HTML output from a Snort syslog log file. It is intended to be used for daily e-mail reports to the system administrators. If Snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions on whitehats.com.
d91eb7ef5cf24f6b236c8a59a071a9b15877cd0f0a2ac41c6853ab021b9ece16
The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncates unusually long MIME header fields, and sanitizes HTML by disabling JavaScript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs, and it has built-in support for third-party virus scanners.
9d6af4e62b34d3aad46f483a95bb007d949d046326b351ef26e865ca61774b9a