Section: .. / UNIX / IDS /
File Name: bubblegum-1.0.tar.gz
Description: Bubblegum is a daemon written in C which watches a file's access, modification, and inode change times, logging the changes. It can run an external command, read files from a filelist, and more.
Homepage: http://cyclic.sourceforge.net/bubblegum
Changes: A fix for a Linux compile problem, syslogd support, and a couple of other bugfixes.
File Size: 15752
Last Modified: Mar 8 01:48:57 2002
MD5 Checksum: 1389a0c513dd703700de51cd7301a084

File Name: mod_protection-0.0.1.tar.gz
Description: Mod_Protection is an Apache module that integrates the basic functions of an IDS (intrusion detection system) and of a firewall (not yet). The Apache administrator only has to install mod_protection and define rules. When a malicious client sends a request that matches one of the rules, the administrator is warned and the client gets a user-defined page, an error, or something that notifies him that he will now be persecuted or ... The warning system just writes to a socket, so you can put an application on the other side of the socket that sends you a mail, an SMS, a message in your favorite IM, or a notification in your IRC client.
Author: Yaroze
Homepage: http://www.twlc.net
File Size: 26222
Last Modified: Mar 6 12:33:27 2002
MD5 Checksum: 6fb1604b85b63660b43d0806103a3d84

File Name: nabou-2.0.tar.gz
Description: nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
Author: Thomas Linden
Homepage: http://www.nabou.org
Changes: Fixed some major bugs.
File Size: 51477
Last Modified: Feb 19 02:47:35 2002
MD5 Checksum: 0c60cccfe62bccc9121edfdcd307f2ed

File Name: aide-0.8.tar.gz
Description: AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
Author: Rami Lehti
Homepage: http://www.cs.tut.fi/~rammer/aide.html
Changes: Lots of bugs were fixed! A syslog backend was added. The report format was changed. Lots of parameters were added. ACL support for SunOS 5.x (and compatibles) was added. libgcrypt is now separate and required.
File Size: 197272
Last Modified: Feb 19 02:43:06 2002
MD5 Checksum: 84b608ccf5051d41a8ccfee87ced5428

File Name: samhain-1.4.4.tar.gz
Description: Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: Fixes a bug that on some machines caused the daemon to abort immediately after startup. Also a bug has been fixed that caused unnecessary device access by erroneously following symlinks to devices.
File Size: 703757
Last Modified: Feb 19 02:30:21 2002
MD5 Checksum: c618ffeb8a3066131770171dae1ae4e7

File Name: monitord-4.0beta.tar.gz
Description: The Network Security Monitor Daemon is a lightweight (distributed?) network security monitor for TCP/IP LANs which will capture certain network events and record them in a relational database. The recorded data is then made available for analysis via a CGI-based interface.
Homepage: http://sourceforge.net/projects/monitord
Changes: Improved security - No threads run as root. Added a new statistical thread and an HTTP server thread (which serves statistics in XML/XSL).
File Size: 34185
Last Modified: Dec 18 01:02:29 2001
MD5 Checksum: ce6dfe55f8de34afa03e3e5d51685b7a

File Name: swatch-3.0.4.tar.gz
Description: Swatch, the Simple Watch Daemon, is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user-specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
Author: Todd Atkins
Homepage: http://www.stanford.edu/~atkins/swatch/
Changes: Fixed a big bug involving key value assignment when throttling.
File Size: 24157
Last Modified: Nov 14 03:00:20 2001
MD5 Checksum: ce290dd2cae6ce834f59e24d97a30d3b

File Name: demarc-1.05-stable.tar.gz
Description: Unavailable.
File Size: 199214
Last Modified: Nov 12 21:16:23 2001
MD5 Checksum: c7e9585b1c50df16c7c97566dffbc9e6

File Name: firestorm-0.2.2.tar.gz
Description: Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
Homepage: http://www.scaramanga.co.uk/firestorm
Changes: Many Snort compatibility fixes were made. All the Snort 1.7 rules work. Most of the Snort 1.8 rules work. Lots of bugs were fixed.
File Size: 179057
Last Modified: Sep 27 01:22:02 2001
MD5 Checksum: 3d4249dc04cb8ae49d422e4bbcadb656

File Name: netl-1.09.tar.gz
Description: netl v1.09 is a network logger/sniffer suitable for TCP/IP over Ethernet and loopback which provides functionality not found in similar programs. netl is capable of logging everything from pings to telnet, including low level IP like SYNs and RSTs.
Author: Graham Ollis
Homepage: http://www.netl.org
Changes: Added Perl/Tk interface, fixed some bugs.
File Size: 275120
Last Modified: Sep 19 20:43:20 2001
MD5 Checksum: 8bd85e4f9398ec16cdee9dfe9577628b

File Name: LaBrea.tgz
Description: LaBrea v2.0 is a program that creates a tarpit or, as some have called it, a "sticky honeypot". LaBrea takes over unused IP addresses on a network and creates "virtual machines" that answer to connection attempts. LaBrea answers those connection attempts in a way that causes the machine at the other end to get "stuck", sometimes for a very long time.
Author: Tom Liston
Homepage: http://www.hackbusters.net/LaBrea
Changes: New command line option -p to keep TCP connections in the "persist" state, which can hold on to threads for a long time.
File Size: 23860
Last Modified: Sep 18 23:23:53 2001
MD5 Checksum: 7365fb2beff6fa486908a1419e0de0ae

File Name: swatch-3.0.2.tar.gz
Description: Swatch, the Simple Watch Daemon, is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user-specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
Author: Todd Atkins
Homepage: http://oit.ucsb.edu/~eta/swatch
Changes: Defaults to /var/adm/messages now. Lots of bugs were fixed.
File Size: 24250
Last Modified: Sep 6 01:46:02 2001
MD5 Checksum: 609a50a2c089417f76a6d13635407463

File Name: firestorm-0.2.1.tar.gz
Description: Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
Homepage: http://www.scaramanga.co.uk/firestorm
Changes: Sensors can now send data out to a central server over the Internet. Some bugs were fixed, and work on a firestorm daemon was started.
File Size: 173227
Last Modified: Sep 5 02:10:26 2001
MD5 Checksum: f04e16e415bf5112909eaa51ad2ba81c

File Name: prelude-0.4.2.tar.gz
Description: Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
Homepage: http://prelude.sourceforge.net
Changes: Fixes for people with dynamic IP addresses, a fix for a bug where inversed tests were wrongly reported, a fix for a crash on startup, and other bug fixes.
File Size: 922584
Last Modified: Aug 30 02:22:30 2001
MD5 Checksum: bf008dcec206d595bf8cc43fbf60ce76

File Name: prelude-0.4.1.tar.gz
Description: Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
Homepage: http://prelude.sourceforge.net
Changes: Better configuration, a new Arpspoof detection plugin which detects several ARP attacks, and bug fixes.
File Size: 996042
Last Modified: Aug 18 22:10:41 2001
MD5 Checksum: 2db2101c4e883c43da13c8b73bc59c66

File Name: prelude-0.4.0.tar.gz
Description: Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
Homepage: http://prelude.sourceforge.net
Changes: Includes a new signature engine which can read Snort rulesets. The protocol plugins telnet (handles telnet/FTP negotiation characters), rpc (handles the RPC protocol and provides the RPC key used in several Snort rulesets), and http (handles the uricontent key used in the Snort ruleset) have been added. There is a new XML reporting plugin, and lots of bugfixes.
File Size: 989953
Last Modified: Aug 17 19:43:31 2001
MD5 Checksum: f8808d9a5a30a07ce3a985233a0b9b08

File Name: coderedwarn0_0b2.tar.gz
Description: Code Red Warn is a Perl script which runs as a daemon and watches Apache logs to notify you each time you are scanned by Code Red.
Author: Jonathan Hayward
Homepage: http://JonathansCorner.com
Changes: The recipient list has been adjusted to be more SMTP-compliant. A suggested way to run without keeping bounce messages in queue has been provided. SMTP connections are tested on the remote host before sending, and the 404 on home page download has been fixed.
File Size: 5185
Last Modified: Aug 11 17:09:52 2001
MD5 Checksum: 6fe77e9e6963429809eeb9bc90c79f54

File Name: coderedwarn0.0b.tar.gz
Description: Code Red Warn is a Perl script which runs as a daemon and watches Apache logs to notify you each time you are scanned by Code Red.
Author: Jonathan Hayward
Homepage: http://JonathansCorner.com
File Size: 4896
Last Modified: Aug 11 05:33:21 2001
MD5 Checksum: 3a2b8840b784ba2af90b3188be12c8e2

File Name: acid-0.9.6b12.tar.gz
Description: The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of incidents generated by security software such as IDS's and firewalls (e.g., Snort or ipchains). It provides a search interface for finding alerts matching practically any criteria, including arrival time, signature time, source/dest address/port, flags, payload, etc. ACID also provides the ability to annotate and logically group related events, delete false positives, or archive alerts among databases. A variety of statistics and graphs can be generated based on time, IP address, ports, alert classification, and sensor.
Homepage: http://acidlab.sourceforge.net
File Size: 81899
Last Modified: Aug 4 08:29:14 2001
MD5 Checksum: 52060fdcb7bf9a5604286396e0f4ba02

File Name: firestorm-0.2.0.tar.gz
Description: Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
Homepage: http://www.scaramanga.co.uk/firestorm
Changes: Redesigned packet encode engine which supports encapsulation. A final few issues in the Snort parser have been resolved. A log target (logs to tcpdump files) was added. Bugs were fixed.
File Size: 169767
Last Modified: Jul 25 05:07:12 2001
MD5 Checksum: f48dd7f1d7ff24f5fd12b76f3c91b160

File Name: petrovich-1.0.0.tar.gz
Description: Petrovich is a GPLed filesystem integrity checker similar to Tripwire. It is written in Perl using standard Perl modules available from www.cpan.org. It currently supports Base64 MD2, MD5, and SHA1 hashes. Petrovich has been tested on Windows 2000, OpenBSD 2.6 - 2.8, and RedHat Linux 7.1.
Author: T. Kinch
Homepage: http://sourceforge.net/projects/petrovich
File Size: 17844
Last Modified: Jul 21 00:13:00 2001
MD5 Checksum: a5657c6af0796b8738dc0b07563ba464

File Name: portsentry-1.1.tar.gz
Description: PortSentry is a program designed to detect and respond to port scans against a target host in real-time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time alerting, blocking, and reporting of violations.
Author: Craig Rowland
Homepage: http://www.psionic.com/abacus/portsentry/
Changes: Added netmask ignoring support, a toggle for DNS lookups, and can prioritize response/external commands. The Linux 2.4 CPU usage bug has been fixed.
File Size: 45871
Last Modified: Jul 17 16:40:36 2001
MD5 Checksum: 782839446b7eca554bb1880ef0882670

File Name: firestorm-0.1.3.tar.gz
Description: Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
Homepage: http://www.scaramanga.co.uk/firestorm
Changes: New TCP flags, ICMP sequence, and ID matchers, bugfixes, a more verbose alert target, and improved documentation.
File Size: 144241
Last Modified: Jun 7 14:50:12 2001
MD5 Checksum: 6535757480bdcaca23579488b294503a

File Name: nabou-1.8.tar.gz
Description: nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
Author: Thomas Linden
Homepage: http://www.nabou.org
Changes: While 1.7 fixed many bugs, it included some new ones. Everybody who has 1.7 in use is urged to upgrade to 1.8. Directory recursion and some other ugly bugs have been fixed. Two new statements are available, and all features of the program have been tested before release.
File Size: 89297
Last Modified: Jun 4 18:09:03 2001
MD5 Checksum: 943b114cfbbbb3476bbecf7339401589