Intrusion Detection and Prevention Systems

Inline network detection and response system with IPS capabilities

AI-powered IPS that blocks zero-day attacks, C2, and exploits inline in real time

A next-generation intrusion prevention system that combines signature-based and behavioral detection techniques to identify and block sophisticated network threats across hybrid environments.

SSHGuard protects hosts from brute-force attacks by monitoring system logs, detecting attacks, and blocking attackers using a firewall.

A free DNS recursive service that blocks malicious host names and protects user privacy.

Instructions for setting up SIREN, including downloading Linux dependencies, cloning the repository, setting up virtual environment, installing pip requirements, running SIREN, setting up Snort on Pi, and MySQL setup.

A free, open-source network protocol analyzer for capturing and displaying packet-level data.

Fail2ban is a daemon that automatically bans IP addresses showing malicious behavior by monitoring log files and updating firewall rules to prevent brute-force attacks.

Libnids is an implementation of an E-component of Network Intrusion Detection System that emulates the IP stack of Linux 2.0.x and offers IP defragmentation, TCP stream assembly, and TCP port scan detection.

An intrusion prevention system for SSH that blocks IP addresses after a set number of consecutive failed login attempts.

An open-source network security monitoring tool.

SentryPeer is a fraud detection tool that monitors and detects fraudulent activities on SIP servers, capturing IP addresses and phone numbers of suspicious activities and providing a notification system to service providers.

BPF+ is a generalized packet filter framework that achieves both high-level expressiveness and good performance for network monitoring and intrusion detection applications.

Snort 3 is the next generation Snort IPS with enhanced features and improved cross-platform support.

A multi-threaded intrusion detection system using Yara for network and stream IDS

Snort is an open source intrusion prevention system that uses rules to detect and prevent malicious network activity.

Open source security-oriented language for describing protocols and applying security policies on captured traffic.

6Guard is an IPv6 attack detector sponsored by Google Summer of Code 2012 and supported by The Honeynet Project organization.

CrowdSec is a collaborative behavior detection engine that analyzes system logs to identify and block malicious activities using community-shared threat intelligence.

DenyHosts is a script to block SSH server attacks by automatically preventing attackers after failed login attempts.

OSSEC is a versatile HIDS known for its powerful log analysis and intrusion detection capabilities.

A wireless network detector, sniffer, and intrusion detection system

Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.

BotScout.com provides proactive bot detection, screening, and banning through a powerful API.