Search Results for "attack"

...Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances.

The OWASP ModSecurity Core Rule Set (CRS) is a curated, generic Web Application Firewall rule set that detects and blocks common attack categories across most web apps. It focuses on broad protection—SQL injection, cross-site scripting, local/remote file inclusion, command injection, and protocol violations—without requiring app-specific knowledge. Rules are organized into paranoia levels so operators can tune detection aggressiveness and balance false positives against coverage. ...

Assuming a firewall (whether in hardware or in software via IPTables / IPChains / or another software firewall), then the bulk of your nefarious traffic is (hopefully) already being taken care of. However, what slips through, on legitimate ports, can sometimes be denial of service attacks. A truly distrubuted denial of service attack is something for where there exists no known solution (at least at this time). However, a single user dos (or a small number of users working together) can effectively be thwarted if your pipe (internet connection) is large. Running on a short cycle (such as 1 minute), ddos_delfate ege can detect nefarious IP's that have bombarded a port with a tremendous number of connections (in a soho environment, 100 connections from a single IP that is not in your LAN constitutes a 'big red warning flag', but you can set this connection limit to your liking in the config file).

Java-based Open Source WAF (Web Application Firewall) to include inside a web application in order to protect it against attacks like Cross-Site Request Forgery (CSRF), Parameter Manipulation and more.

This project reads logs from your mikrotik firewall and creates an address list with detected attackers

This module provides attack surface reduction enhancements against the HTTP Flood Attacks at the web application level. Massive crawling/scanning tools, HTTP Flood tools can be detected and blocked by this module via htaccess, firewall or iptables, etc. (like mod_evasive) You can use this module by including "iosec.php" to any PHP file which wants to be protected.

Etherwall is a free and open source network security tool that prevents Man in The Middle (MITM) through ARP Spoofing/Poisoning attacks. It Also prevent it from various attacks such as Sniffing, Hijacking, Netcut, DHCP Spoofing, DNS Spoofing, WEB Spoofing, and others. Note: For personal computer use only (client security) if you like this program, please give us your vote at http://sourceforge.net/projects/etherwall/reviews/

Application proxy toolkit which inherits the ideology of TIS fwtk and maintains API backwards compatibility. The design goal is to make it simple yet powerful; no performance hacks allowed in the code and library dependencies are reduced to minimum.

inundator is a tool used to anonymously inundate intrusion detection logs with false positives to obfuscate a real attack, leaving the IDS analyst feeling completely inundated.

Gardol monitors system log files to detect denial of service and other attacks and blocks attacking sites with Linux iptables. Attack detection rules may be programmed in Perl.

...Knock sequences are defined through XML files; users specify: number of packets of each knock sequence, payload and header of each packet. Logging capability. Generation of smoke packets.No replay-attack

syndetector is a software which can detect and drop packet when a synflood attack is detected ! Based on a simple detection system (by the use of iptables and libipq) and on a simple use It is realy easy to setup this software.

fwlogwatch is an open source firewall/IDS log analyzer and interactive realtime attack detection and response tool

myNetWatchman Perl Agent is a program that is designed to capture rejected packet information from various firewall logs and forward this attack information to central analysis servers at myNetWatchman.com.

The Master-Slave project is directly related to the Snort IDS to dynamically create rules into iptables firewall. It could send the attacker IP address to others machines into the circuit that will block the IP address before any attack from the intruder