Section: UNIX / IDS

File Name: libnids-1.19.tar.gz
Description: Libnids is a library that provides the functionality of one component of a NIDS (Network Intrusion Detection System), namely the E-component. That is, libnids code watches all local network traffic, cooks received datagrams a bit, and provides convenient information on them to the analyzing modules of the NIDS. So, if you intend to develop a custom NIDS, you do not have to build low-level network code. If you decide to use libnids, you have the E-component ready and can focus on implementing other parts of the NIDS.
Author: Nergal
Homepage: http://libnids.sourceforge.net
Changes: Multiple bug fixes.
File Size: 115758
Last Modified: Aug 9 17:37:18 2004
MD5 Checksum: 863125dbcc43d1ac8c044622e5b08787

File Name: servme.tar
Description: Servme is a small daemon that listens on a port and logs the contents of all incoming connections to a file. The new release allows emulation of ssh, Apache, VS-FTPD, telnetd, and generic open ports.
Author: Chris
Homepage: http://www.cr-secure.net
File Size: 20480
Last Modified: Aug 7 16:18:37 2004
MD5 Checksum: c317394522eebf8b04cb1b4ff4cfe6b5

File Name: impost-0.1pre1.tar.gz
Description: Impost is a multi-purpose scriptable network protocol security auditing tool designed for analyzing network attacks and exploitations while operating as a honey pot or packet sniffer.
Author: ziplock
Homepage: http://impost.sourceforge.net/
File Size: 88064
Last Modified: Aug 5 01:50:45 2004
MD5 Checksum: 2c07ba887fb19ee2ac2727fda42d665b

File Name: samhain-1.8.10b.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: Bug fixes.
File Size: 975332
Last Modified: Jul 20 20:37:12 2004
MD5 Checksum: 8410ccda7360103a3f57f4ef4bef0e4a

File Name: beltane-1.0.6.tar.gz
Description: Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
Homepage: http://la-samhna.de/beltane
Changes: Bug fix.
File Size: 173203
Last Modified: Jul 20 20:35:00 2004
MD5 Checksum: c554bd66b8960516bec6b5e0d40c32ed

File Name: samhain-1.8.9.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: Fixed memory leak and various other bugs.
File Size: 931731
Last Modified: Jun 22 19:08:40 2004
MD5 Checksum: 42ec772779c4abfd04f176ac07bfd391

File Name: garuda-0.1.0.tgz
Description: Garuda is a wireless intrusion detection system (WIDS). It has been designed for detecting war drivers, rogue APs, denial of service attacks, and even MAC spoofing. Rule-based detection, statistics, and enumeration modules are included.
Author: Seunghyun Seo
Homepage: http://garuda.sourceforge.net
File Size: 55702
Last Modified: Jun 7 23:57:19 2004
MD5 Checksum: 041a387fe921681021f1e02a2633c370

File Name: sid-0.3.5.tar.gz
Description: SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
Author: belpo
Homepage: http://sid.sourceforge.net
Changes: Various updates.
File Size: 43346
Last Modified: Jun 7 23:44:57 2004
MD5 Checksum: 40ede1091f7a36800078a85259ff3a1b

File Name: samhain-1.8.8.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: Fixed compilation problem on AIX 5.2, various other bug fixes, added Windows HOW-TO.
File Size: 920753
Last Modified: May 25 19:37:14 2004
MD5 Checksum: 046158552b564df10b2de4ff0b492332

File Name: samhain-1.8.7a.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: See documentation.
File Size: 956751
Last Modified: May 9 12:48:38 2004
MD5 Checksum: e5866635c6cc60c9e6dcb2a23aac9ddf

File Name: radmind-1.3.0.tgz
Description: radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
Homepage: http://rsug.itd.umich.edu/software/radmind
Changes: Various feature enhancements and bug fixes.
File Size: 508114
Last Modified: Apr 21 23:17:00 2004
MD5 Checksum: 46ef7b08d8e5304751db9d2e45e2488c

File Name: honeyd-0.8b.tar.gz
Description: Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
Author: Niels Provos
Homepage: http://www.citi.umich.edu/u/provos/honeyd
Changes: Several bugs that would cause operating system detection with nmap to fail were fixed along with compilation issues for honeydctl on Linux and *BSD. Support for log rotation via SIGUSR1 was added.
File Size: 523808
Last Modified: Apr 20 15:25:23 2004
MD5 Checksum: 4f287d8d1abe22f96fe74f1318186617

File Name: sid-0.3.4.tar.gz
Description: SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
Author: belpo
Homepage: http://sid.sourceforge.net
Changes: Various updates.
File Size: 41665
Last Modified: Apr 20 08:02:00 2004
MD5 Checksum: 56b27dbe49befdd875de879144c968c0

File Name: samhain-1.8.6.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: See documentation.
File Size: 916888
Last Modified: Apr 18 20:33:00 2004
MD5 Checksum: 9196550de81c1a5e76ecb9aef8a238ea

File Name: sid-0.3.3.tar.gz
Description: SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
Author: belpo
Homepage: http://sid.sourceforge.net
File Size: 41017
Last Modified: Apr 10 12:06:00 2004
MD5 Checksum: cec3a3f4fec35389049ac63d4df66efe

File Name: shoneypot-0.2-7.tar.gz
Description: Single Honeypot simulates many services: SMTP, HTTP, shell, and FTP. It can pretend to be many operating systems, such as Windows FTP systems, Windows SMTP systems, different Linux distributions, and some POSIX distributions.
Homepage: http://sourceforge.net/projects/single-honeypot
File Size: 18651
Last Modified: Apr 5 16:11:00 2004
MD5 Checksum: 7396dfe31a9485dcd5bb023c7dfb93bd

File Name: beltane-1.0.5.tar.gz
Description: Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
Homepage: http://la-samhna.de/beltane
Changes: Two bug fixes.
File Size: 173059
Last Modified: Mar 24 00:35:00 2004
MD5 Checksum: d84122404fa52ba9034595d0f30da600

File Name: samhain-1.8.4.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: See documentation.
File Size: 915182
Last Modified: Mar 24 00:33:00 2004
MD5 Checksum: a01dcf544c30e5d156e8eabd2361d871

File Name: sid-0.3.tar.gz
Description: SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
Author: belpo
Homepage: http://sid.sourceforge.net
File Size: 37889
Last Modified: Feb 22 21:52:00 2004
MD5 Checksum: f1edd0767a8217958f1048b4aeb66fd3

File Name: beltane-1.0.4.tar.gz
Description: Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
Homepage: http://la-samhna.de/beltane
Changes: Various bug fixes.
File Size: 171577
Last Modified: Jan 26 10:00:00 2004
MD5 Checksum: a24f53de16dea0be69e012df1b2cb1b6

File Name: samhain-1.8.3.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: See documentation.
File Size: 895136
Last Modified: Jan 26 03:01:00 2004
MD5 Checksum: 5e41a260b616258edaae31d5dd071aa7

File Name: honeyd-0.7a.tar.gz
Description: Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
Author: Niels Provos
Homepage: http://www.citi.umich.edu/u/provos/honeyd
Changes: Bug fixes.
File Size: 416763
Last Modified: Jan 4 06:14:19 2004
MD5 Checksum: 04ae109952d274aba4c0ab398e213ef2

File Name: lads-0.8.tar.bz2
Description: Login Anomaly Detection System (LADS) detects anomalies in logins and logouts and can perform various actions in response.
Author: Fred
Homepage: http://www.lepied.com/lads
Changes: Fixes a bug in IP address reporting and a bug that prevented correct logging.
File Size: 8151
Last Modified: Dec 14 17:30:36 2003
MD5 Checksum: 0908e52ffc65a6fa16b7906b60dd2908

File Name: fupids.tgz
Description: fupids (the fuzzy userprofile intrusion detection system) is a user-profile based IDS for the OpenBSD kernel. It modifies certain syscalls in order to detect suspicious behavior. For example, it watches for network devices being set to promiscuous mode, and it watches for the creation of listen() sockets by users. fupids also handles a program profile for your local users, and it can find attackers who take over existing accounts.
Author: Steffen Wendzel
Homepage: http://www.wendzel.de/?sub=softw&ssub=fupids
File Size: 5177
Last Modified: Dec 6 13:37:01 2003
MD5 Checksum: 791692e1f0a3ea124c366d0f6eeda08f

File Name: honeyd-0.7.tar.gz
Description: Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
Author: Niels Provos
Homepage: http://www.citi.umich.edu/u/provos/honeyd
Changes: Includes a whole bunch of new features, including dynamic templates that allow the honeypots to adapt based on the operating system and source IP addresses of the adversary, passive fingerprinting that allows the identification of the remote host, a tarpit to slow down spammers, and many bugfixes.
File Size: 416592
Last Modified: Nov 24 15:22:34 2003
MD5 Checksum: d05e112d513d0a1ce7b39cded9b0aba5