This IDS is network-based, and it will monitor network traffic for known attacks based on provided signatures. The application will receive suspicious packet capture files from a network monitoring program and output any detected attacks, as well as some details about them.
The main functionalities of this application are:
- Count packets and sizes
- Detect packets with clearly spoofed addresses
- Detect LAN-based servers
- Detect DNS queries for sinkholed domains
- Detect ARP cache poisoning attacks
- Detect the presence of famous worms
- Detect amplified denial-of-service attacks
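As an added example (not the project's own code), the following Python script implements the first two items above on a classic pcap file: it parses the pcap record stream, counts packets and bytes, and flags IPv4 packets whose source address cannot legitimately originate on the wire. The "clearly spoofed" rule used here (loopback, multicast, and the reserved 240.0.0.0/4 block including 255.255.255.255 as a source) is an assumption; the project's own rule set may differ. The sample capture is constructed inline so the script runs offline, and it also accepts a pcap path on the command line, matching the usage described on this page.

```python
"""Added example: pcap parsing, packet counting and spoofed-source detection.
Not the project's own code; the spoofed-source rules are an assumption."""
import ipaddress
import struct
import sys

PCAP_MAGIC_LE = 0xA1B2C3D4      # magic read as little-endian from a LE file
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1 # same magic when the file is big-endian
ETH_HDR = 14
ETHERTYPE_IPV4 = 0x0800


def parse_pcap(data: bytes):
    """Yield (timestamp, raw_frame) for every record in a classic pcap."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_SWAPPED:
        end = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    off = 24  # skip the global header
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def ipv4_addrs(frame: bytes):
    """Return (src, dst) for an Ethernet/IPv4 frame, or None for anything else."""
    if len(frame) < ETH_HDR + 20:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4 or (frame[ETH_HDR] >> 4) != 4:
        return None
    src = ipaddress.IPv4Address(frame[ETH_HDR + 12:ETH_HDR + 16])
    dst = ipaddress.IPv4Address(frame[ETH_HDR + 16:ETH_HDR + 20])
    return src, dst


def is_clearly_spoofed(src) -> bool:
    """Assumed rule: a source that can never legitimately send on the wire.
    0.0.0.0 is deliberately allowed because DHCP discovery uses it."""
    addr = ipaddress.IPv4Address(src) if isinstance(src, str) else src
    return addr.is_loopback or addr.is_multicast or addr.is_reserved


def analyze(data: bytes) -> dict:
    """Count packets/bytes and collect (timestamp, src, dst) of spoofed packets."""
    stats = {"packets": 0, "bytes": 0, "spoofed": []}
    for ts, frame in parse_pcap(data):
        stats["packets"] += 1
        stats["bytes"] += len(frame)
        addrs = ipv4_addrs(frame)
        if addrs and is_clearly_spoofed(addrs[0]):
            stats["spoofed"].append((ts, str(addrs[0]), str(addrs[1])))
    return stats


# --- constructed sample capture (not real traffic) -------------------------
def build_frame(src: str, dst: str, payload: bytes = b"") -> bytes:
    """Build a minimal Ethernet/IPv4/UDP-ish frame; checksums left at zero."""
    eth = b"\x02" * 6 + b"\x02" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + payload


def build_pcap(frames) -> bytes:
    """Wrap frames in a little-endian classic pcap global header and records."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


SAMPLE_PCAP = build_pcap([
    build_frame("192.168.1.10", "192.168.1.1", b"hello"),  # legitimate LAN host
    build_frame("127.0.0.1", "192.168.1.20"),              # loopback source on the wire
    build_frame("224.0.0.5", "192.168.1.20"),              # multicast address as source
])

if __name__ == "__main__":
    capture = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    result = analyze(capture)
    print(f"packets={result['packets']} bytes={result['bytes']}")
    for ts, src, dst in result["spoofed"]:
        print(f"spoofed source {src} -> {dst} at {ts:.6f}")
```

Each detector in the feature list can follow the same shape: a small decoder for the layer it needs (ARP for cache-poisoning checks, DNS for sinkholed-domain lookups) feeding a stateful check, with results accumulated per capture rather than printed as they are found, so the output can be tested and correlated afterwards.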
How to use the IDS:
In a terminal, type "python ids [your pcap file]" to run the script.