
Church Of The
Swimming Elephant


IDS Tools

AAFID AAFID is a distributed monitoring and intrusion detection system that employs small stand-alone programs (Agents) to perform monitoring functions in the hosts of a network.
AIDE AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more.
Deception Toolkit Use it to create honeypot services sprinkled across your servers. Keep attackers wondering if they are hitting a real service or a honeypot one. Highly configurable responses and notifications. Makes it difficult for attackers to go undetected. UNIX.
Defense Worx The Defense Worx™ intrusion detection system is a network-based system that performs high-speed traffic analysis of the content and context of a network packet to detect unauthorized traffic in real-time.
HostSentry HostSentry is a host-based intrusion detection tool that performs Login Anomaly Detection (LAD). This tool allows administrators to spot strange login behavior and quickly respond to compromised accounts and unusual behavior. HostSentry incorporates a dynamic database and actually "learns" the user login behavior. This behavior is then utilized by modular signatures to detect unusual events.
icmpinfo Monitor ICMP packets to detect suspicious behaviour.
ImSafe ImSafe is a host-based intrusion detection tool for Linux. It performs anomaly detection at the process level and tries to detect various types of attacks.
IPLimit Useful for preventing DoS attacks by limiting the number of connections to a given service.
Logcheck This tool is a clone of a program that ships with the TIS Gauntlet firewall but has been changed in many ways to make it work nicely for normal system auditing. Logcheck will automatically monitor your system logs and mail security violations to you on a periodic basis.
pakemon / packet monster pakemon has been developed to share IDS components based on the open source model. The current version of pakemon monitors all traffic on a network, searches for given data patterns in the traffic, and outputs session logs and summary logs of matched traffic.
PortSentry PortSentry is a port scan detector that takes an active stance to shut down attacking hosts while notifying administrators and provides an easy configuration and startup. Attacking hosts are denied access to your host by dropping of local routes, dynamic packet filter changes, or adding the host to a TCP Wrappers hosts.deny file, all in real-time.
Saint Jude The Saint Jude Project is a project to develop kernel-level IDS mechanisms to protect the integrity of host systems.
Snort Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.
Snot Snot is an arbitrary packet generator, that uses snort rules files as its source of packet information. It attempts at all times to randomise information that is not contained in the rule, to hamper the generation of 'snot detection' snort rules. It can be used as an IDS evasion tool, by using specific decoy hosts, or just something to keep your friendly IDS monitoring staff busy.
Swatch Tool for monitoring Unix syslog and alerting to suspicious traffic. is a tcpdump script that monitors data to detect stealth scans from scanners such as nmap.
T-sight T-sight was created with our philosophy of manual intrusion detection in mind, which is based on the fact that an intruder must establish connections with other computers to accomplish his or her goal. These connections are an intruder's footprints, and the best way to catch the intruder is to have an advanced visualization of those footprints. With T-sight, you are able to monitor all your network connections (i.e. traffic) in real time and can observe not only when suspicious activity takes place, but the composition of that activity.
Trappa Trappa is a tool to monitor for CGI scans and probes. It places dummy CGI files on the web and notifies you of exploit scans, including the IP and web browser of the attacker.
Tripwire Tripwire is a tool that checks to see what has changed on your system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc. The hard part is doing it the right way, balancing security, maintenance, and functionality.
Winetd Winetd is an inetd for Windows that incorporates the use of honeypot modules. Use it to deceive attackers on an NT host. Because it is an inetd, it can be used in conjunction with other inetd-launched IDS tools and services.


All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609