Publisher review:Firestorm is an extremely high performance network intrusion detection system (NIDS). Firestorm is an extremely high performance network intrusion detection system (NIDS). It is fully pluggable and hence extremely flexible. A Network Intrusion Detection System is a system which can identify suspicious patterns in network traffic. If a firewall is a doorman, a NIDS is an undercover KGB agent. He silently gathers intelligence and can spot an enemy even if the door security has already let them in (maybe the enemy can make fake identification documents).
Features:
- Protocol anomaly detection
- Full application layer decodes
- Fully pluggable
- High performance OS Specific capture module for Linux
- Capture from libpcap files (normal AND redhat extended)
- Packet decode engine fully supports encapsulation
- Decode plugins included for many protocols (see below)
- Comprehensive snort rule support
- Wu-Manber setwise string matching
- Easy to configure; just one config file
- Can run chroot and with lowered privs (when started as root)
- Can run as a realtime process (when started as root)
- Preprocessors to allow supplementary modes of detection (eg: anomaly)
- Full IP defragmentation (passes fragroute evasion tests)
- TCP stateful inspection with window tracking
- Intelligent TCP stream reassembly
- HTTP URL normalization
- EXTREMELY fast and scalable signature engine
- Configurable token-bucket rate-limiting of any alerts
- GNOME2 based analyst console user interface
- Enhanced logging format for ease of analysis
- ELOG indexing for lightning fast sorting and filtering of alerts
Firestorm 0.5.5 is a C/C++ script for Internet, Browsers and Tools scripts design by Gianni Tedesco.
It runs on following operating system: Linux / BSD / Solaris.
Firestorm is an extremely high performance network intrusion detection system (NIDS).
Operating system:Linux / BSD / Solaris
Firestorm 0.5.5 script details 
