Snort-related things and such
Snort-related topics seem to be popular everywhere... and I, too, spent the whole day today wrestling with Snort.
SNORTER is an HTML reporting tool for the network intrusion detection system SNORT http://www.snort.org/. SNORTER connects to the MYSQL SGBD and queries it for events generated by SNORT or any other device using SNORT-DB format. See the tool LOGSNORTER at http://www.snort.org/dl/contrib/other_logs/
Sawmill supports Snort Log Format; it can process log files in Snort format, and generate dynamic statistics from them, analyzing and reporting server traffic.
While I'm at it, a memo on IDS test tools. I am only now working through old focus-ids.
- NIDSBENCH: (http://packetstormsecurity.nl/UNIX/IDS/nidsbench/)
- STICK: (http://packetstormsecurity.nl/distributed/stick.tgz)
- SIDESTEP: IDS evasion tool (http://www.robertgraham.com/tmp/sidestep.html)
- IDSwakeup: false positive generator (http://www.hsc.fr/ressources/outils/idswakeup/)
- Mucus: traffic generation tool (http://www.cs.ucsb.edu/~rsg/Mucus/)
- Snort: http://www.snort.org/
- Prelude: http://www.prelude-ids.org/
- Firestorm NIDS: http://www.scaramanga.co.uk/firestorm/