The Bait and Switch Honeypot System combines the Snort Intrusion Detection System (IDS) with honeypot technology to create a system that reacts to hostile intrusion attempts by marking and then redirecting all "bad" traffic to a honeypot that partially mirrors your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data, while your clients and/or users are still safely accessing the real system. Life goes on, your data is safe, and you get to learn about the bad guy as an added benefit. It works with Snort 1.9.0, 1.9.1, and 2.0.2.
Bruteblock allows system administrators to block various brute-force attacks on UNIX services. The program analyzes system logs and adds attackers' IP addresses to the ipfw2 table, effectively blocking them. Addresses are automatically removed from the table after a specified amount of time. Bruteblock uses regular expressions to parse logs, which gives it enough flexibility to be used with almost any network service. Bruteblock doesn't use any external programs and works with ipfw2 tables via the raw sockets API.
CoralReef is a comprehensive software suite developed by CAIDA for collecting and analyzing data from passive Internet traffic monitors in real time or from trace files. The package also includes programming APIs for C and Perl, and applications for capture, analysis, and Web report generation.
The CMU NetReg package is a scalable and flexible Web-based system for managing networks. It consolidates information about DNS zones, subnets, machine registrations, and DHCP configuration, and provides tools for easy management. The system exports ISC BIND configuration and zones, and can update them via either static zone files or TSIG signed dynamic DNS updates. It also exports ISC DHCP configurations, and has a SOAP API for integration with other systems.
Dummynet is a flexible tool originally designed for testing networking protocols, and since then (mis)used for bandwidth management. It simulates/enforces queue and bandwidth limitations, delays, packet losses, and multipath effects. It also implements a variant of Weighted Fair Queueing called WF2Q+. It can be used on users' workstations, or on FreeBSD machines acting as routers or bridges.
Hafiye is a POSIX-compliant, customizable TCP/IP packet sniffer. Instead of interpreting protocols according to the data structures supplied by the operating system, it interprets Layer II, III, and IV as well as the payload, according to the knowledge base that it constructs from the user-supplied protocol configuration files.