Check out Security Onion. It's got a pretty nice suite of tools and can run a (or many) dedicated sensor system and communicate back to a central system.
As for SSL MITM, see the recent nanog thread for the full layer 2 to layer 8 ramifications of that activity. For ssh mitm, I don't know of any tools. I'm looking for one.

On February 14, 2015 12:57:29 PM CST, Jimmy Hess <mysi...@gmail.com> wrote:
>On Sat, Feb 14, 2015 at 2:38 AM, Randy Bush <ra...@psg.com> wrote:
>
>Bro, SNORT, SGUIL, Tcpdump, and Wireshark are some nice tools.
>
>By itself, a single install of Snort/Bro is not necessarily a complete IDS, as it cannot inspect the contents of outgoing SSL sessions, so there can still be Javascript/attacks against the browser, or SQL injection attempts encapsulated in the encrypted tunnels; I am not aware of an open source tool to help you with SSH/SSL interception/SSL decryption for implementation of network-based IDS.
>
>You also need a hand-crafted rule for each threat that you want Snort to identify...
>Most likely this entails making decisions about what commercial ruleset(s) you want to use and then buying the appropriate subscriptions.
>
>
>> if you were comfortable enough with freebsd to use it as a firewall, you can run your traffic through, or mirror it to, a freebsd box running
>> https://www.bro.org/ or
>> https://www.snort.org/
>> two quite reasonable and powerful open source systems
>>
>> randy
>--
>-JH
>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
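The point in the quoted reply, that a content-signature IDS such as Snort or Bro needs a rule per threat and sees nothing inside an encrypted session, can be shown with a small toy scanner. This is an added example, not code from the thread and not Snort or Bro rule syntax; the signatures, the HTTP samples and the "TLS record" (which carries stand-in opaque bytes, not real ciphertext) are all constructed here.

```python
"""Toy payload scanner: plaintext HTTP matches content signatures, while a
TLS application-data record is only identifiable by its 5-byte header."""
import re

# Constructed signatures (hypothetical; not Snort/Bro syntax or any
# commercial ruleset). Each threat needs its own entry, which is exactly the
# "hand-crafted rule for each threat" burden mentioned in the thread.
SIGNATURES = {
    "sqli-tautology": re.compile(rb"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
    "sqli-union": re.compile(rb"union\s+select", re.IGNORECASE),
    "js-inline-script": re.compile(rb"<script\b", re.IGNORECASE),
}


def is_tls_application_data(payload: bytes) -> bool:
    """Recognise a TLS record of content type 0x17 (application data).

    A passive sensor can read the header (type, version, length) but the
    body is ciphertext, so no content signature can apply to it.
    """
    if len(payload) < 5 or payload[0] != 0x17:
        return False
    major, minor = payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return major == 3 and 1 <= minor <= 4 and length == len(payload) - 5


def scan_payload(payload: bytes) -> list[str]:
    """Return the names of matching signatures.

    Encrypted records are reported as opaque instead of silently "clean",
    so the analyst sees the blind spot rather than a false sense of coverage.
    """
    if is_tls_application_data(payload):
        return ["opaque:tls-application-data"]
    return [name for name, rx in SIGNATURES.items() if rx.search(payload)]


# Constructed sample traffic (not real captures).
HTTP_SQLI_BODY = (
    b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\n"
    b"user=admin' OR 1=1--&pass=x"
)
HTTP_UNION = b"GET /search?q=1 UNION SELECT name FROM users HTTP/1.1\r\n"

# Stand-in "ciphertext": deterministic bytes wrapped in a TLS 1.2 record
# header (type 0x17, version 0x0303, 2-byte length). Not real encryption.
_OPAQUE_BODY = bytes((b * 37 + 11) & 0xFF for b in range(48))
TLS_RECORD = b"\x17\x03\x03" + len(_OPAQUE_BODY).to_bytes(2, "big") + _OPAQUE_BODY


def triage(samples: dict[str, bytes]) -> dict[str, list[str]]:
    """Scan every labelled sample and return its findings."""
    return {label: scan_payload(data) for label, data in samples.items()}


if __name__ == "__main__":
    for label, findings in triage({
        "http-sqli": HTTP_SQLI_BODY,
        "http-union": HTTP_UNION,
        "tls-record": TLS_RECORD,
    }).items():
        print(f"{label}: {findings}")
```

The same injection string placed inside the encrypted record would produce only the `opaque:tls-application-data` finding, which is why the thread notes that a network sensor without SSL/SSH decryption cannot be a complete IDS on its own.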