Thursday, January 24, 2008

Ping Sweep Detection

An intrusion detection system (IDS) is one way of detecting a ping sweep. There are several solutions, such as Snort. Snort is an open source IDS that is resourceful and lightweight.
Snort was authored by Martin Roesch and can be downloaded from http://www.snort.org.
Snort is a cross-platform, lightweight network intrusion detection tool that can be deployed to monitor small TCP/IP networks and is capable of detecting a range of suspicious network traffic. Snort features rule-based logging to perform content pattern matching and detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, etc.
Snort has three primary uses. It can be used as a packet sniffer or a packet logger. It can also be used as a complete network intrusion detection system.
Genius is efficient in helping users work with several popular Internet protocols. It was written by Coda Hale and can be downloaded under the GNU Public License from http://www.indiesoft.com.
BlackICE Defender is not just a firewall; it is also an IDS. In reality, it is a "hybrid" between a firewall and an IDS. BlackICE Defender combines firewall technology with intrusion detection technology, which means it uses more than one method to protect the system.
Scanlogd detects port scans and writes one line per scan via the syslog(3) mechanism. It was written by Solar Designer and Steffen Dettmer.
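
The core check behind ping sweep detection, as an added example (not from the original post, and not code from Snort or scanlogd): flag any source that sends ICMP echo requests to many distinct hosts within a short time window. The packet records, addresses, threshold and window below are constructed assumptions for illustration.

```python
from collections import defaultdict, deque

ICMP_ECHO_REQUEST = 8  # ICMP type of an echo request ("ping")

def detect_ping_sweeps(packets, threshold=5, window=10.0):
    """Return {source: alert time} for every source that sent echo requests
    to at least `threshold` distinct hosts within `window` seconds.
    `packets` is an iterable of (timestamp, src, dst, icmp_type) tuples."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in window
    alerts = {}
    for ts, src, dst, icmp_type in sorted(packets):
        # Replies and other ICMP types are not probes; alert once per source.
        if icmp_type != ICMP_ECHO_REQUEST or src in alerts:
            continue
        seen = recent[src]
        seen.append((ts, dst))
        while ts - seen[0][0] > window:  # expire probes older than the window
            seen.popleft()
        # Count distinct targets, so repeated pings of one host never trigger.
        if len({target for _, target in seen}) >= threshold:
            alerts[src] = ts
    return alerts

def build_sample_packets():
    """Constructed traffic: one sweep, one monitoring host, one slow prober."""
    packets = []
    for i in range(6):   # sweep: 6 hosts probed 0.5 s apart, each one answers
        packets.append((i * 0.5, "10.0.0.99", f"192.168.1.{i + 1}", 8))
        packets.append((i * 0.5 + 0.25, f"192.168.1.{i + 1}", "10.0.0.99", 0))
    for i in range(20):  # monitoring host pinging the same gateway repeatedly
        packets.append((float(i), "10.0.0.5", "192.168.1.1", 8))
    for i in range(5):   # slow prober: 5 hosts, 30 s apart
        packets.append((i * 30.0, "10.0.0.7", f"192.168.1.{i + 50}", 8))
    return packets

if __name__ == "__main__":
    for src, ts in detect_ping_sweeps(build_sample_packets()).items():
        print(f"ping sweep from {src} detected at t={ts:.1f}s")
```

Sweeps spread over longer than the window are missed with these defaults, so the window and threshold need tuning against the network's normal ping traffic.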
