Firestorm review

Firestorm is an extremely high performance network intrusion detection system (NIDS)

License: GPL (GNU General Public License)
File size: 226K
Developer: Gianni Tedesco
Firestorm is an extremely high performance network intrusion detection system (NIDS). At the moment it is just a sensor, but there are plans to include real support for analysis, reporting, a remote console and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible. Firestorm performs a lot better than all other systems I have tested (such as snort and prelude), by as much as a factor of 2 (and that's under favourable conditions; it far outstrips the competition under a targeted DoS attack).

A Network Intrusion Detection System is a system which can identify suspicious patterns in network traffic. If a firewall is a doorman, a NIDS is an undercover KGB agent. He silently gathers intelligence and can watch an enemy even if the door security has already let them in (maybe the enemy can make fake identification documents).

Tested Platforms

Linux 2.x
FreeBSD 4.x
Should compile and run on any mainstream UNIX really...

Here are some key features of "Firestorm":
Protocol anomaly detection
Full application layer decodes
Fully pluggable
High performance OS Specific capture module for Linux
Capture from libpcap files (normal AND redhat extended)
Packet decode engine fully supports encapsulation
Decode plugins included for many protocols (see below)
Comprehensive snort rule support
Wu-Manber setwise string matching
Easy to configure; just one config file
Can run chroot and with lowered privs (when started as root)
Can run as a realtime process (when started as root)
Preprocessors to allow supplementary modes of detection (e.g. anomaly)
Full IP defragmentation (passes fragroute evasion tests)
TCP stateful inspection with window tracking
Intelligent TCP stream reassembly
HTTP URL normalization
EXTREMELY fast and scalable signature engine
Configurable token-bucket rate-limiting of any alerts
GNOME2 based analyst console user interface
Enhanced logging format for ease of analysis
ELOG indexing for lightning fast sorting and filtering of alerts