Libnids


Mar 14, 2010: Version 1.24 is available for download here along with its signature. All versions can be found here.

The releases are signed with the GPG key ID 6F5C037F available here or here. Get this key into your keyring _now_, so that you will be able to verify future releases.

Libnids is an implementation of an E-component of Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x. Libnids offers IP defragmentation, TCP stream assembly and TCP port scan detection.

The most valuable feature of libnids is reliability. A number of tests were conducted, which proved that libnids predicts behaviour of protected Linux hosts as closely as possible.

Libnids is highly configurable in run-time and offers a convenient interface. Currently it compiles on Linux, *BSD and Solaris. WIN32 port is maintained separately here.

Using libnids, one has got a convinient access to data carried by a TCP stream, no matter how artfully obscured by an attacker. You may have a look at a sample application.

Libnids is designed by Rafal Wojtczuk. Numerous people have contributed - see the README file in the source directory.




For more information on libnids contact Rafal Wojtczuk.