.:[ packet storm ]:.
                               
plan for the worst

 Section:  .. / UNIX / IDS  /

Also see UNIX Network Logging Utilities.

Page 18 of 22. Files 425 - 450 of 531. Currently sorted by: File Size.

 ///  File Name: ninja-0.1.1.tar.bz2
Description:
Ninja is a privilege escalation detection and prevention system for GNU/Linux hosts. While running, it will monitor process activity on the local host, and keep track of all processes running as root. If a process is spawned with UID or GID zero (root), ninja will log necessary information about this process, and optionally kill the process if it was spawned by an unauthorized user.
Author:Tom Rune Flo
Homepage:http://forkbomb.org/ninja/
Changes:Minor updates.
File Size:10591
Last Modified:Aug 19 01:14:13 2005
MD5 Checksum:deb27909168eb6707fb5a139eef80571

 ///  File Name: iplimit-0.9.tar.gz
Description:
IPLimit is a security tool to prevent some denial of service attacks on common Internet daemons. It will dynamically reject connections from hosts that have already connected too many times on the same service or the same server. And only these strobe makers will be rejected, not trusted people. IPLimit is fully configurable: you can, for instance, allow 40 connections per second for SMTP, and only 1 per minute for Telnet. It needs the TCPREMOTEIP and TCPLOCALPORT environment variables, so IPLimit has to be used with a super-server like G2S or TCPServer. You can also use any other inetd variant if you have the tcp-env program (from Qmail). IPLimit was tested on Linux but should work on any other Unix implementation with or without minor changes.
File Size:10387
Last Modified:Oct 7 15:16:33 1999
MD5 Checksum:088f855c05f1c5f31edfe28796439eaa

 ///  File Name: detect-satan.tar
Description:
Unavailable.
File Size:10240
Last Modified:Aug 16 20:02:16 1999
MD5 Checksum:bef823cc3f22aa411694cb5d7f0327e7

 ///  File Name: sysmon.tar
Description:
This script, run on a regular (daily) basis, keeps tabs on root accounts and set[ug]id root files.
File Size:10240
Last Modified:Aug 16 20:02:21 1999
MD5 Checksum:3e11720e7ea1d158a068a1dba02739ba

 ///  File Name: tailbeep-0.41.tar.gz
Description:
Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)
Author:Tommy.
Homepage:http://soomka.com
Changes:The ability to specify a message to speak instead of the line in the watched file (using -p); the old -p has been moved to -P to speak the line in the file, and the -V (version) and -S (sleep time) options have been added.
File Size:10122
Last Modified:Oct 26 15:01:31 1999
MD5 Checksum:09af9ef12d56fe02fa381a2c671aa959

 ///  File Name: scanlogd.c
Description:
Example port scan detection tool. Pseudo code.
File Size:10069
Last Modified:Aug 16 20:02:17 1999
MD5 Checksum:f06b8f9647890ac88eba709179ae4bd9

 ///  File Name: ywho-1.9.tar.gz
Description:
ywho v1.9 is a who-type utility displaying not only who is logged in, but also general system information and commands run by the users. Includes a rwhod replacement with central server, allowing user information to be gathered across routers.
Author:Martin Mares
File Size:10042
Last Modified:Aug 16 20:02:40 1999
MD5 Checksum:300aa7a26c3b763947633c12c7218b1f

 ///  File Name: ninja-0.1.0.tar.bz2
Description:
Ninja is a privilege escalation detection and prevention system for GNU/Linux hosts. While running, it will monitor process activity on the local host, and keep track of all processes running as root. If a process is spawned with UID or GID zero (root), ninja will log necessary information about this process, and optionally kill the process if it was spawned by an unauthorized user.
Author:Tom Rune Flo
Homepage:http://forkbomb.org/ninja/
File Size:10011
Last Modified:Aug 18 04:02:49 2005
MD5 Checksum:ff28fafa11525573e22a075fcdbfd7a3

 ///  File Name: filetraq-0.1.tgz
Description:
FileTraq is a shell script designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It lets you keep an eye on intruders who might change system files, or other sysadmins who don't tell you about changes. It even helps you keep track of your own changes, along with dated backups.
Author:Jeremy Weatherford
Homepage:http://filetraq.xidus.net
File Size:9985
Last Modified:Jan 2 14:06:59 2000
MD5 Checksum:80f29eda6ce691762a12d222dbd742d8

 ///  File Name: passfing.tar.gz
Description:
A perl script that passively fingerprints OSes based on signatures.
Author:Craig Smith
File Size:9861
Last Modified:May 16 17:25:04 2000
MD5 Checksum:6021a9992e1d522783d586f3b60780f5

 ///  File Name: securelib.tar.gz
Description:
Protect your RPC daemons against unauthorized access. Shared library for SunOS 4.1 and later.
File Size:9766
Last Modified:Aug 16 20:02:15 1999
MD5 Checksum:2d149f795d1dbcabd85e29225fcac6a3

 ///  File Name: nfr-mod.tar.gz
Description:
L0pht NFR IDS Modules - examples of how to implement IDS functionality with NFR.
Author:L0pht Heavy Industries
File Size:9401
Last Modified:Aug 16 20:02:32 1999
MD5 Checksum:6514c6939333a8350738a4aff6d2a4e7

 ///  File Name: tcpstatflow_v1.1.tgz
Description:
TCPStatFlow is a tool for network administrators which detects covert network tunnels running on ports that are accepted by most outbound firewalls, by sniffing the network and measuring the symmetry of the data sent. The HTTP / HTTPS / FTP / SMTP / POP3 protocols send much more data in one direction than the other, and if an SSH server is set up on these ports, this tool will detect it by noticing that the amounts of data sent don't look like the protocol which is supposed to run on that port.
Author:fryxar
Homepage:http://www.geocities.com/fryxar
File Size:9338
Last Modified:Nov 21 13:32:20 2003
MD5 Checksum:40e65e3771f0d7e8d24e43286b1ecc0c

 ///  File Name: rpc_gotcha_beta1.0-Sep-Tue-99-12.ta..>
Description:
Rpc_Gotcha is a network-based intrusion detection tool for detecting RPC-based scans and attacks (buffer overflows). The program will passively sit on the network perimeter and process packets while analyzing the RPC message data payload, looking for signs of a possible attack. Rpc_Gotcha will log all RPC calls made to the network and display payload data for possible attacks.
Author:Chad Renfro
File Size:9285
Last Modified:Sep 17 14:42:12 1999
MD5 Checksum:f5b3648c6088111ec72e16652246bc3a

 ///  File Name: tocsin116.tar.gz
Description:
Tocsin is a basic IDS that uses packet filtering to warn of possible attacks against specified services. It watches the local network for SYN connections to certain services and sends notification. For Solaris 2.x, possibly others.
Homepage:http://www.eng.auburn.edu/users/doug/second.html
File Size:9245
Last Modified:Dec 12 17:32:34 1999
MD5 Checksum:65a7bb6db5dc3be7060bd1e5d7bbb134

 ///  File Name: tailbeep-0.3.tar.gz
Description:
Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)
Author:Tommy.
Homepage:http://soomka.com
Changes:Speech (through speechd) and a debug option.
File Size:9042
Last Modified:Oct 22 17:43:36 1999
MD5 Checksum:a735879e8c6948b88c63f21c4c57532b

 ///  File Name: viperdb-0.9.7.tar.gz
Description:
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
Author:Peter Surda
Homepage:http://panorama.sth.ac.at/viperdb
Changes:This release adds bugfixes in symlink handling, improved detecting of corrupted databases, and a directory-specific option to ignore mtime changes. Upgrading and re-initing of databases is recommended.
File Size:8976
Last Modified:Mar 9 21:18:05 2001
MD5 Checksum:e521d9db7b17c8e4294fb38937128d88

 ///  File Name: viperdb-0.9.8.tar.gz
Description:
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
Author:Peter Surda
Homepage:http://panorama.sth.ac.at/viperdb
Changes:Bug fixes.
File Size:8912
Last Modified:Mar 16 20:36:17 2001
MD5 Checksum:06e45f947a32c646357c66ef6e6cec25

 ///  File Name: sockstat.c
Description:
SocketStat v1.0 - by Richard Steenbergen and Drago. Inspired by dreams, coded by nightmares. Nifty way to find which processes are using what sockets. Can be used to detect users who clone on IRC, connect where they shouldn't (bots on non-bot servers), are running hidden servers, etc.
File Size:8826
Last Modified:Sep 30 16:30:27 1999
MD5 Checksum:f00ff838c3e2432ccc6b04826912c153

 ///  File Name: tailbeep-0.2.tar.gz
Description:
Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)
Author:Tommy.
File Size:8670
Last Modified:Oct 19 14:51:19 1999
MD5 Checksum:b3cbddae198819c742871b1a6324fc1f

 ///  File Name: attackwatch-0.0.1.tgz
Description:
Attackwatch is intended to enhance the security of small private networks that are already protected by a restrictively configured firewall but which still have a few ports open. Attackwatch will analyze the firewall output in near-realtime and will run scripts in response to incoming packets that got logged.
File Size:8587
Last Modified:Apr 22 14:32:02 2001
MD5 Checksum:ec92a6f2524a4b294d6cf9f451278d66

 ///  File Name: ttysnoop-0.12d.tar.gz
Description:
TTYSnoop allows you to snoop on login tty's through another tty-device or pseudo-tty. The snoop-tty becomes a 'clone' of the original tty, redirecting both input and output from/to it.
Author:Carl Declerck
Changes:Cleanups/updates for compilation on newer Linux systems, such as RH5.
File Size:8514
Last Modified:Dec 14 15:59:54 1999
MD5 Checksum:8363519ecbf51eb643f502067be0e0fc

 ///  File Name: viperdb-0.9.6.tar.gz
Description:
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
Author:Peter Surda
Homepage:http://panorama.sth.ac.at/viperdb
Changes:Fixes for bugs introduced by the 0.9.5 rewrite, new/strengthened internal security checks, and minor updates.
File Size:8488
Last Modified:Mar 5 19:11:27 2001
MD5 Checksum:49900d5fbfa3364c1025430316cac4d6

 ///  File Name: ttysnoop-0.12c.tar.gz
Description:
The package allows you to snoop on login tty's through another tty-device or pseudo-tty. The snoop-tty becomes a 'clone' of the original tty, redirecting both input and output from/to it.
File Size:8362
Last Modified:Aug 16 20:02:21 1999
MD5 Checksum:85ba8fcac7b1a3a103fe632eef26a92d

 ///  File Name: argus-1.5.patch
Description:
See below.
File Size:8344
Last Modified:Aug 16 20:02:15 1999
MD5 Checksum:e7f04e2791ce3f4d2248c5ebe0a52e02