Section: .. / UNIX / IDS /
| /// File Name: |
sherpa-0.1.3.tar.gz |
Description:
|
sherpa is a tool for configuring and then checking system security via the console. Written in perl, it allows an admin to maintain a custom database of file and directory permissions and ownership attributes as local needs dictate. Any changes from the prescribed layout will be detected each time sherpa is run. Also, sherpa does some basic system checks (world-writable files, .rhosts and hosts.equiv files, etc.) that help the busy admin keep on top of a system.
| | Author: | Rick Crelia | | Homepage: | http://sherpa.lavamonkeys.com/ | | File Size: | 43362 | | Last Modified: | Oct 20 15:21:54 1999 |
| MD5 Checksum: | 8bbb31cc9de6a094556aef48cb9d2410 |
|
| /// File Name: |
FCheck_2.07.45.tar.gz |
Description:
|
FCHECK is a very stable PERL script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done in as little as one minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
| | Author: | Mike Gumienny | | Homepage: | http://sites.netscape.net/fcheck/fcheck.html | | File Size: | 23899 | | Last Modified: | Oct 20 14:50:02 1999 |
| MD5 Checksum: | 88d587fa9a0254f370db3c4d569dc4bb |
|
| /// File Name: |
tailbeep-0.2.tar.gz |
Description:
|
Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)
| | Author: | Tommy. | | File Size: | 8670 | | Last Modified: | Oct 19 14:51:19 1999 |
| MD5 Checksum: | b3cbddae198819c742871b1a6324fc1f |
|
| /// File Name: |
iplimit-0.9.tar.gz |
Description:
|
IPLimit is a security tool to prevent some denial of services on common internet daemons. It will dynamically reject connections from hosts thatalready connected too many times on the same service or the same server. And only these strobe makers will be rejected, not trusted people. IPLimit is fully configurable : you can, for instance, allow 40 connections per second for SMTP, and only 1 per minute for Telnet. It needs the TCPREMOTEIP and TCPLOCALPORT environment variables, so that IPLimit has to be used with a super-server like G2S or TCPServer. You can also use any other inetd variant if you have the tcp-env program (from Qmail). IPLimit was tested on Linux but should work on any other Unix implementation with or without minor changes.
| | File Size: | 10387 | | Last Modified: | Oct 7 15:16:33 1999 |
| MD5 Checksum: | 088f855c05f1c5f31edfe28796439eaa |
|
| /// File Name: |
tcp_wrappers_7.6.BLURB |
Description:
|
Blurb for tcp_wrappers_7.6.tar.gz
| | File Size: | 1736 | | Last Modified: | Oct 5 18:31:44 1999 |
| MD5 Checksum: | 627fc45308e852c446c3606647fa8c34 |
|
| /// File Name: |
tcp_wrappers_7.6.tar.gz |
Description:
|
Wietse Venema's tcp wrapper. The package provides tiny daemon wrapper programs that can be installed without any changes to existing software or to existing configuration files. The wrappers report the name of the client host and of the requested service; the wrappers do not exchange information with the client or server applications, and impose no overhead on the actual conversation between the client and server applications.
| | File Size: | 99438 | | Last Modified: | Oct 5 18:31:39 1999 |
| MD5 Checksum: | e6fa25f71226d090f34de3f6b122fb5a |
|
| /// File Name: |
decfingerd-0.7.tar.gz |
Description:
|
decfingerd 0.7: The Deception Finger Daemon. This program will take place of the original finger service, providing totally false information to clients. This can be useful to catch people trying to crack your server, or to just really confuse them. You can define output for individual users, empty requests, and forward requests to another system. Tested on: Linux 2.2.7 -- GCC 2.7.2.3, Solaris 2.7 -- EGCS 1.1.1, OpenBSD 2.5 -- GCC 2.8.1.
| | Author: | Jon Beaton | | File Size: | 3665 | | Last Modified: | Oct 4 15:53:28 1999 |
| MD5 Checksum: | e23d3683edd18ead71ac04d9708aa0d6 |
|
| /// File Name: |
sockstat.c |
Description:
|
SocketStat v1.0 - by Richard Steenbergen and Drago. Inspired by dreams, coded by nightmares. Nifty way to find which processes are using what sockets, Can be used to detect users who clone on irc, connect where they shouldn't (bots on non-bot servers), are running hidden servers, etc.
| | File Size: | 8826 | | Last Modified: | Sep 30 16:30:27 1999 |
| MD5 Checksum: | f00ff838c3e2432ccc6b04826912c153 |
|
| /// File Name: |
killerd-0_2.tar.gz |
Description:
|
A daemon which kills shells with idle time above a certain limit.
| | Author: | Martin Mares | | File Size: | 4958 | | Last Modified: | Sep 30 16:28:13 1999 |
| MD5 Checksum: | 66d631dcc7c53f6bbe6e6f449ed3e351 |
|
| /// File Name: |
tcpreplay-1.0.1.tar.gz |
Description:
|
Tcprelay v1.0.1 - Tcpreplay is aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn't exercise the application/protocol inspection that a NIDS performs, and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.
| | File Size: | 252686 | | Last Modified: | Sep 23 01:36:39 1999 |
| MD5 Checksum: | 4b9335761e9202abfc175c06b169e991 |
|
| /// File Name: |
fragrouter-1.6.tar.gz |
Description:
|
Fragrouter v1.6 - Fragrouter is aimed at testing the correctness of a NIDS, according to the specific TCP/IP attacks listed in the Secure Networks NIDS evasion paper. Other NIDS evasion toolkits which implement these attacks are in circulation among hackers or publically available, and it is assumed that they are currently being used to bypass NIDSs.
| | File Size: | 277726 | | Last Modified: | Sep 23 01:36:37 1999 |
| MD5 Checksum: | 73fdc73f8da0b41b995420ded00533cc |
|
| /// File Name: |
rpc_gotcha_beta1.0-Sep-Tue-99-12.ta..> |
Description:
|
Rpc_Gotcha is a network based intrusion detection tool for detecting rpc based scans and attacks (buffer overflows). The program will passively sit on the network perimeter and process packets while analyzing the rpc message data payload looking for signs of a possible attack. Rpc_Gotcha will log all rpc calls made to the network and display payload data for possible attacks.
| | Author: | Chad Renfro | | File Size: | 9285 | | Last Modified: | Sep 17 14:42:12 1999 |
| MD5 Checksum: | f5b3648c6088111ec72e16652246bc3a |
|
| /// File Name: |
aafid2-0.10.tar.gz |
Description:
|
AAFID is a distributed monitoring and intrusion detection system that employs small stand-alone programs/Agents to perform monitoring functions in the hosts of a network. AAFID uses a hierarchical structure to collect the information produced by each agent, by each host, and by each set of hosts, to be able to detect suspicious activity. This release is a prototype and does not implement full functionality. All modules of the system are written in Perl, and thus it is extremely portable. Although some of the Agents included with AAFID2 perform NIDS functionality, the system as a whole is a host-based intrusion detection system.
| | Homepage: | http://www.cerias.purdue.edu/coast/projects/autonomous-agents.html | | File Size: | 1476810 | | Last Modified: | Sep 10 20:40:00 1999 |
| MD5 Checksum: | ac5bfe89ee4e9b1485c41b91af072d46 |
|
| /// File Name: |
aide-0.4.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determening which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | File Size: | 182481 | | Last Modified: | Aug 25 07:53:47 1999 |
| MD5 Checksum: | 0eb1a79e5e0b96f876033310ee047535 |
|
| /// File Name: |
drawbridge-2.0.1.tar.gz |
Description:
|
Packet filter that allows you to control IP packets going to and from your LAN and the Internet.
| | File Size: | 429364 | | Last Modified: | Aug 16 20:03:15 1999 |
| MD5 Checksum: | 575fa565254832e202340636c7d72b1f |
|
| /// File Name: |
hummer-A-062799.tar.gz |
Description:
|
See above.
| | File Size: | 981941 | | Last Modified: | Aug 16 20:03:15 1999 |
| MD5 Checksum: | bfbccb1fe39714dd690884c98296b5c4 |
|
| /// File Name: |
icmpinfo-1.11.tar.gz |
Description:
|
Tracks ICMP packets, allowing you to proactively watch for suspicious behaviour, mainly ICMP unreachables.
| | File Size: | 13712 | | Last Modified: | Aug 16 20:03:15 1999 |
| MD5 Checksum: | 65c3acdf2f87f9ab9aa1a055d76f8976 |
|
| /// File Name: |
unix.zip |
Description:
|
unix.zip
| | File Size: | 45314377 | | Last Modified: | Aug 16 20:03:14 1999 |
| MD5 Checksum: | 602820f7be369655bb30e58b50337e63 |
|
| /// File Name: |
bgcheck-0.5.tar.gz |
Description:
|
bgcheck 0.5 - bgcheck is a process monitor for Linux written in perl that can be used by administrators to limit the number of background processes that each user can run.
| | Author: | blue | | Changes: | added support for long usernames, fixed ftpd spawn detection to work with proftpd, possibly others. | | File Size: | 6206 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | a9f62bd27c830d84b9d7d2c4665f6f2a |
|
| /// File Name: |
ctm-1.2.tar.gz |
Description:
|
ctm 1.2 - CTM is an SNMP interface statistics gatherer which works as a daemon and polls SNMP capable routers in regular intervals and puts the gathered information into a database. Information gathered includes operational status of the interface, octets and packets sent and received, line errors, and queue discards, but CTM can easily be changed to log any interface specific SNMP variable. CTM comes with an example report script which gives traffic and line error summaries for certain periods of time.
| | Author: | Lars Fenneberg | | Changes: | Version 1.2 corrects delta counters accordingly when the router is rebooted. | | File Size: | 29374 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 31d9138ff9dc261b78c50092649863e1 |
|
| /// File Name: |
decfingerd-0.6.tar.gz |
Description:
|
dfingerd v0.6 takes the place of your original finger service, providing totally false information to clients. This can be useful to catch people trying to crack your server, or to just really confuse them. You can define output for individual users, empty requests, and forward requests to another system.
| | Author: | Jon Beaton | | File Size: | 3164 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | def43c1a780975756a13905667886685 |
|
| /// File Name: |
gogmagog-4.tar.gz |
Description:
|
gogmagog 4 - GogMagog is a multiplatform sysadmin tool for monitoring the integrity of networkwide systems. Communication between the Magog server (ideally a PC running Linux) and the Gog hosts relies on FTP only, so it is relatively network architecture independent. Sysadmins monitor their machines at a glance, through a very simple WWW graphical interface (named GogView) on the server. GogMagog works on Linux, AIX, HP-UX and Solaris.
| | Author: | C. Parisel | | Changes: | encrypted profiles, security improvements. | | File Size: | 31625 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 973b264138f4cc0f732242cd96f7d54c |
|
| /// File Name: |
lslk_1.25_W.tar.gz |
Description:
|
lslk_1.25_W.tar.gz
| | File Size: | 80900 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 89818f576e10d560f8f806ea8894ff8f |
|
| /// File Name: |
slocate-1.6.tar.gz |
Description:
|
Secure Locate 1.6 - Secure locate provides a secure way to index and quickly search for files on your system. It uses incremental encoding just like GNU locate to compress its database to make searching faster, but it will also store file permissions and ownership so that users will not see files they do not have access to. It is a bit slower than the GNU locate, but thats the price for security.
| | Author: | Kevin Lindsay | | Changes: | Optimized some code to make updating the database much faster, patched to allow smoother installation on FreeBSD, and some other minor bug fixes. | | File Size: | 19413 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 6096f7b0e4c4761bb2257dd83405bdb9 |
|
| /// File Name: |
swatch-3.0b1.tar.gz |
Description:
|
Swatch, the Simple Watch Daemon is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
| | Author: | Todd Atkins | | Homepage: | http://www.stanford.edu/~atkins/swatch/ | | Changes: | Fixed a big bug involving key value assignment when throttling. | | File Size: | 17819 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 5969ec109979acd91b743815dda20a18 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
