Firestorm is an extremely high performance network intrusion detection system (NIDS). At the moment it just a sensor but plans are to include real support for analysis, reporting, remote console and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible. Firestorm performs a lot better than all other systems I have tested (such as snort and prelude) by as much as a factor of 2 (and thats under favourable conditions, it way outstrips the competition under a targeted DoS attack).
A Network Intrusion Detection System is a system which can identify suspicious patterns in network traffic. If a firewall is a doorman, a NIDS is an undercover KGB agent. He silently gathers intelligence and can spot an enemy even if the door security has already let them in (maybe the enemy can make fake identification documents).
Should compile and run on any mainstream UNIX really...
High performance OS Specific capture module for Linux
Capture from libpcap files (normal AND redhat extended)
Packet decode engine fully supports encapsulation
Decode plugins included for many protocols (see below)
Boyer Moore string match (including embedded binary data)
Wu-Manber setwise string matching
Comprehensive snort rule support
Easy to configure; just one config file
Can run chroot and with lowered privs (when started as root)
Preprocessors to allow supplementary modes of detection (eg: anomaly detection)
Full IP defragmentation (passes fragroute evasion tests)
TCP stateful inspection with window tracking
Intelligent TCP stream reassembly
Full application layer decodes
Remote log to prelude-manager http://www.prelude-ids.org/
EXTREMELY fast and scalable signature engine
Configurable token-bucket rate-limiting of any alerts
GNOME2 based analyst console user interface
Security Worm is not the publisher of #name#. We simply catalog security software for download.
Security Worm crawls the net for your wireless, server, networking, and internet software. ©2006 All rights reserved.