http://www.cerias.purdue.edu/coast/projects/autonomous-agents.html AAFID2 is a distributed, agent-based intrusion and misuse detection system, written in Perl. It detects attempts to breach a computer's security, as well as attempts by authorized users to misuse the computer's resources.
http://www.nswc.navy.mil/ISSEC/CID/ Shadow is a distributed intrusion detection system, designed to maximize detection of intruders and minimize the effectiveness of any counter-measures intruders might make.
http://www.snort.org/ Snort is a simple, lightweight package which monitors for specific, known types of attack and/or for specific keywords entered by the administrator. It does not take any action against the attacker, preferring to alert the administrator and file a report in both the snort and system logs.
http://www.info.fundp.ac.be/~cri/DOCS/asax.html ASAX is a very generic system, which handles non-specific, distributed data streams. This system can be used for network intrusion, but is not restricted to this role, and can be used in any situation in which an abnormal data stream can be defined.
http://www.mimestar.com/ Secure Net Pro is a fairly heavyweight distributed package, capable of monitoring any subnet for attacks. Attacks are determined by context and/or content, and are responded to by notifying the administrator and/or terminating the connection.
