• Analysis Console for Intrusion Databases (ACID)
     

    • Query builder and search interface for finding alerts that match alert metadata (e.g. signature, detection time) as well as the underlying network evidence (e.g. source/destination address, ports, payload, or TCP flags).

    • Packet viewer (decoder) that graphically displays the layer-3 and layer-4 header fields of logged alerts.

    • Alert management: constructs to logically group alerts into incidents (alert groups), delete handled alerts or false positives, export alerts to email for collaboration, or archive alerts to transfer them between alert databases.

    • Chart and statistics generation by time, sensor, signature, protocol, IP address, TCP/UDP port, or classification.
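The query, grouping and statistics functions listed above are easy to model on a small alert set. The block below is an added example (not ACID's own code): it keeps alerts in memory rather than in ACID's database, and every record, sensor name and signature name in it is constructed for illustration.

```python
"""In-memory model of the ACID workflow: query alerts on metadata and
network evidence, group them into incidents, and tabulate statistics.
Added example; the records below are constructed, not from a real sensor."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    cid: int              # alert id within the sensor
    sensor: str
    signature: str
    ts: datetime
    src: str
    dst: str
    proto: str            # "TCP", "UDP", "ICMP"
    sport: int
    dport: int
    flags: str = ""       # TCP flags, e.g. "S" for SYN


# Constructed sample alerts (assumed values, not real traffic).
ALERTS = [
    Alert(1, "dmz-1", "SCAN nmap TCP", datetime(2002, 1, 10, 9, 0, 5), "10.0.0.5", "192.168.1.10", "TCP", 40000, 22, "S"),
    Alert(2, "dmz-1", "SCAN nmap TCP", datetime(2002, 1, 10, 9, 0, 6), "10.0.0.5", "192.168.1.10", "TCP", 40001, 80, "S"),
    Alert(3, "dmz-1", "SCAN nmap TCP", datetime(2002, 1, 10, 9, 0, 7), "10.0.0.5", "192.168.1.10", "TCP", 40002, 443, "S"),
    Alert(4, "dmz-1", "WEB-IIS cmd.exe access", datetime(2002, 1, 10, 9, 15, 0), "10.0.0.5", "192.168.1.10", "TCP", 40100, 80, "PA"),
    Alert(5, "lan-1", "ICMP PING NMAP", datetime(2002, 1, 10, 11, 0, 0), "10.0.0.9", "192.168.1.20", "ICMP", 0, 0),
    Alert(6, "dmz-1", "SCAN nmap TCP", datetime(2002, 1, 10, 23, 0, 0), "10.0.0.5", "192.168.1.10", "TCP", 41000, 22, "S"),
]


def query(alerts, **criteria):
    """Filter on any Alert field by equality. `since`/`until` bound the
    timestamp; a `port` criterion matches either source or destination port."""
    since = criteria.pop("since", None)
    until = criteria.pop("until", None)
    port = criteria.pop("port", None)
    out = []
    for a in alerts:
        if since is not None and a.ts < since:
            continue
        if until is not None and a.ts > until:
            continue
        if port is not None and port not in (a.sport, a.dport):
            continue
        if all(getattr(a, k) == v for k, v in criteria.items()):
            out.append(a)
    return out


def group_incidents(alerts, window=timedelta(minutes=30)):
    """Alert groups: same source address and signature, with no gap longer
    than `window` between consecutive alerts (a gap starts a new group)."""
    by_key = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_key[(a.src, a.signature)].append(a)
    groups = []
    for items in by_key.values():
        current = [items[0]]
        for a in items[1:]:
            if a.ts - current[-1].ts <= window:
                current.append(a)
            else:
                groups.append(current)
                current = [a]
        groups.append(current)
    return groups


def stats(alerts, field):
    """Counts by one field, e.g. signature, sensor, proto, dport."""
    return Counter(getattr(a, field) for a in alerts)


if __name__ == "__main__":
    for g in group_incidents(ALERTS):
        print(len(g), g[0].src, g[0].signature, g[0].ts, "->", g[-1].ts)
    print(stats(ALERTS, "dport").most_common())
```

The time window in `group_incidents` is the piece a practitioner tunes: the three SYN alerts seconds apart become one incident, while the same scanner returning fourteen hours later starts a new one.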

  • BlackIce Pro
     

  • Bro : Open Source IDS

    • User Manual
       

  • Bruce Schneier's Computer Security: Will We Ever Learn?
     

  • Buyer's Guides for IDS
     

  • Checklist : Intruder Detection Checklist
    cert.org

  • Cisco Intrusion Detection
     

  • COAST Intrusion Detection pages: tutorials, links
     

  • Cybersafe's Centrax
     

  • Demarc Security's Opensource IDS PureSecure
     

  • dIDS, Introduction To Distributed Intrusion Detection Systems (Jan 2002)
     

  • Deploying an Effective Intrusion Detection System
     

  • DoxPara Research : tools for manipulating TCP/IP networks
     

  • EagleX
    EagleX is an IDS environment built from free software. Snort IDS (www.snort.org) and IDScenter (www.packx.net) are the core of the distribution; with IDScenter you can quickly set up a fully working Snort IDS for your network. Apache (www.apache.org), PHP (www.php.net), MySQL (www.mysql.com) and ACID (www.cert.org/kb/acid) are used to view the latest alerts in a web front-end protected by HTTP authentication.

  • Entercept, Intercepting Intrusions With Entercept
     

  • Enterasys: Dragon Intrusion Detection System
     

  • Exchange Format : Intrusion Detection Exchange Format
     

  • FAQs for IDS

    • Network Intrusion Detection Systems FAQ

      • www.ticm.com/kb/faq/idsfaq.html
         

      • secinf.net/info/misc/network-intrusion-detection.html
         

    • SANS
       

    • Sobirey's Intrusion Detection Systems page
       

  • Firestorm NIDS
     

  • Fport : Identify unknown open ports and their associated applications
     

  • Fragroute: NIDS testing revisited
     

  • Gigabyte IDS
     

  • Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
     

  • Intrusion Detection Methodologies Demystified
     

  • Intrusion Detection articles ordered by the number of citations
     

  • IDS Group Test : www.nss.co.uk
     

  • Informer
    IDS Informer : intrusion detection testing tool that uses a Simulated Attacks For Evaluation process to launch real but harmless attacks at IDS systems. IDS Informer can run individual attacks or groups of attacks, and the speed at which they are sent can be throttled.

    IDS Informer Attack Development Kit : allows a packet capture in any format to be converted to the IDS Informer format, enabling all of the advanced configuration and security options available for the default attack library without altering the overall structure of the capture.

    IDS Informer Command Line Interface : enables existing IDS Informer Professional users to run multiple copies of IDS Informer on a single device from a remote source. The CLI provides all of the configuration options of IDS Informer, plus functionality to list configured groups and interfaces and available attacks, and to schedule unattended transmission of attacks (remote control of IDS Informer).
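Converting an arbitrary capture into a throttled, scheduled attack run, as the Attack Development Kit and CLI above describe, comes down to parsing the capture and rescaling its inter-packet gaps. The block below is an added example, not IDS Informer's code or format: it parses standard libpcap files (both byte orders), builds a replay schedule with a throttle factor and an optional cap on idle gaps, and constructs its sample capture inline. It never transmits anything.

```python
"""Read a libpcap capture and build a throttled replay schedule, the kind
of step an IDS-testing tool performs when turning a raw capture into a
controlled attack run. Added example; the capture bytes are constructed
inline and no packets are sent."""
import struct

PCAP_MAGIC = 0xA1B2C3D4  # microsecond-resolution libpcap magic


def build_pcap(packets):
    """Serialize (ts_seconds, payload_bytes) pairs into a little-endian
    pcap file with link type 1 (Ethernet)."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1))
    for ts, data in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return bytes(out)


def parse_pcap(blob):
    """Return (linktype, [(timestamp_seconds, packet_bytes)]).
    Byte order is taken from the magic; truncated records are rejected
    rather than silently replayed short."""
    if struct.unpack_from("<I", blob, 0)[0] == PCAP_MAGIC:
        end = "<"
    elif struct.unpack_from(">I", blob, 0)[0] == PCAP_MAGIC:
        end = ">"
    else:
        raise ValueError("not a libpcap file")
    _, _, _, _, _, snaplen, linktype = struct.unpack_from(end + "IHHiIII", blob, 0)
    off, pkts = 24, []
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header at offset %d" % off)
        sec, usec, incl, _orig = struct.unpack_from(end + "IIII", blob, off)
        off += 16
        if incl > snaplen or off + incl > len(blob):
            raise ValueError("truncated packet at offset %d" % off)
        pkts.append((sec + usec / 1_000_000, blob[off:off + incl]))
        off += incl
    return linktype, pkts


def replay_schedule(pkts, throttle=1.0, max_gap=None):
    """Convert absolute capture times into per-packet send delays.
    `throttle` scales the original gaps (2.0 = half speed); `max_gap`
    caps long idle periods so a day-long capture replays in minutes."""
    sched, prev = [], None
    for ts, data in pkts:
        gap = 0.0 if prev is None else (ts - prev) * throttle
        if max_gap is not None:
            gap = min(gap, max_gap)
        sched.append((round(gap, 6), data))
        prev = ts
    return sched


# Constructed capture: three dummy Ethernet frames 0.5 s and 1.0 s apart.
SAMPLE = build_pcap([
    (100.0, b"\x00" * 14 + b"pkt1"),
    (100.5, b"\x00" * 14 + b"pkt2"),
    (101.5, b"\x00" * 14 + b"pkt3"),
])

if __name__ == "__main__":
    linktype, pkts = parse_pcap(SAMPLE)
    for delay, data in replay_schedule(pkts, throttle=2.0, max_gap=1.5):
        print("sleep %.3f s, then send %d bytes" % (delay, len(data)))
```

Rewriting the frames' source and destination addresses for the target network, and only then handing each entry to a raw socket after its delay, is the part deliberately left out here; the schedule is what makes the run reproducible across IDS products under test.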

  • Interpreting Network Traffic: A Network Intrusion Detector's Look at Suspicious Events tutorial
     

  • Intrusion Signatures and Analysis book recommendation
     

  • Intrusion Signatures : Evaluating Network Intrusion Detection Signatures
     

  • Intruvert Networks
    2G bit/sec+ capable, signature detection; anomaly detection; DoS detection; virtual IDSs, $100,000+

  • IPolicy Networks
    4G bit/sec+ capable, carrier capable; run seven security apps simultaneously; $125,000+

  • ISS : Internet Security Systems
     

  • ISS : Gigabit Ethernet Intrusion Detection
     

  • Locking down NT host for Intrusion Detection
     

  • LT Auditor+ : intrusion detection/audit trail security software for NT, commercial
     

  • Mailing list: There is an IDS mailing list hosted at ids@uow.edu.au
    To subscribe send a message with following text to majordomo@uow.edu.au
    subscribe ids Your Name
     

  • Mailing list archive for IDS, Securepoint
     

  • Michael Sobirey's Intrusion Detection Systems page links
     

  • Network Computing's Review of IDS August 2001
    Computer Associates International's eTrust, Cisco Systems' Secure IDS, CyberSafe Corp.'s Centrax, Enterasys Networks' Dragon, Internet Security Systems' BlackICE, ISS' RealSecure, Intrusion.com's SecureNet Pro, NFR Security's NFR Network Intrusion Detection System, Anzen Computing's Flight Jacket, open-source Snort, Symantec Corp.'s NetProwler.

  • NIST Intrusion Detection Systems draft
     

  • NIST Special Publication on Intrusion Detection Systems draft
     

  • NFR Security commercial IDS products (Sept 2001)
     

  • Passive Mapping: An Offensive Use of IDS (Sept 2001)
     

  • Planning Concerns, Considerations, and Tips for IDS in Federal IT Systems, SANS
     

  • Sentinel : fast file/drive scanning utility, similar to Tripwire and Viper.pl on Unix
     

  • Signatures:

    • Network Intrusion Detection Signatures Karen Kent Frederick
       

  • Snort : The Open Source Network Intrusion Detection System
     

  • Steps for Recovering from a UNIX or NT System Compromise
     

  • TCPDUMP
     

  • TelemetryBox : Linux-based distribution designed especially for diagnostic purposes
     

  • Terminology, Intrusion Detection Systems Terminology, part 1 (July 2001)
     

  • Terminology, Intrusion Detection Systems Terminology, part 2 (July 2001)
     

  • TippingPoint Technologies
    2G bit/sec+ capable NIDS; traffic-specific attack detection to limit false positives; protocol anomaly and traffic anomaly detection, stateful inspection

  • Vendors:

    • Dragon IDS Enterasys Networks
       

    • Entercept : Intrusion prevention for enterprise servers
       

    • GFI LANguard Security Event Log Monitor
       

    • NetIQ Security Manager

    • Network-1 CyberwallPLUS

    • Okena Stormwatch

    • Pentasafe VigilEnt Intrusion Manager

    • RealSecure Network Protection
       

    • Symantec HIDS
       

  • Virtual Burglar Alarm - Intrusion Detection Systems pt1
     

  • Virtual Burglar Alarm - Intrusion Detection Systems pt2
     

  • Vulnerabilities of Network Intrusion Detection Systems : Realizing and Overcoming the Risks