Hi all,
I'm glad to announce that the first USABLE public release of Hogzilla IDS is available!
The new version is performing well in the networks where it is under test.
In this new version we developed support for sFlows and created new methods which allow for the identification of:
Horizontal port scans
Vertical port scans
DDoS attacks
Abused SMTP servers
Servers/hosts being attacked
Hosts sending spam
Hosts connecting to botnets, executing scans or running worms
Hosts being used to execute a DDoS (amplification attacks)
P2P communications
Media streaming communications
DNS tunnels
ICMP tunnels
Among others
Hogzilla also provides VISIBILITY for the network. It can:
Identify, classify and generate charts about network servers
Identify Operating Systems for network hosts
Access the project's site (http://ids-hogzilla.org) for more information, screenshots and details about the methods.
Regards,
PA