Simple IDS is a very easy to use application designed to detect intrusion attempts and block them.
Mac OS X has a build in firewall that prevents others accessing your system on ports you’re not using. However, the moment you enable a server (deamon) like ftp, ssh, or http you’re also allowing anybody to access that server.
The firewall will allow anybody to enter. Of course your ssh and ftp server can only be used when the visitor has a valid user name and password.
But, with the current Internet speed, intruders can just try hundredths of user names and passwords each minute. There’s no way Mac OS X will stop intruders from trying out more passwords. Simple IDS does!
Simple IDS will keep an eye on the log files used by the ssh-, the ftp- and Apache- server of your server. The moment somebody tries to connect to your ssh- or ftp- server with a wrong user name or password, a counter is increased.
After a configurable number of attempts Simple IDS will automatically add a rule to your firewall (ipfw). This will block the remote computer from accessing your server.
Simple IDS also checks the error log of your Apache web server. If you have a password protected directory on your web server, Simple IDS will guard that too. It doesn’t watch form based logins (like access to a forum you’re running), just directories protected by Apache itself.