This open-source, Unix-based NIDS passively monitors network traffic and detects suspicious activity.
The Bro Network Intrusion Detection System uses a specialized policy language that can be tailored to a site's preferences, so the system can adapt to newly discovered threats and to changes in site policy. If Bro detects suspicious activity, it generates a log entry, sends a real-time alert to the operator, and can execute an operating system command to terminate a connection or block a malicious host on the fly. Bro's detailed log files are also useful for forensic purposes.
By making effective use of packet-filtering techniques, Bro achieves high performance while running on commercially available PC hardware. This makes it a cost-effective means of monitoring a site's Internet connection. In summary, we highly recommend the Bro Network Intrusion Detection System for its robust features and comprehensive intrusion detection capabilities.
Version 1.4: N/A