Section: .. / UNIX / IDS /
| /// File Name: |
xnetsentry-1.0.tgz |
Description:
|
Network sentry tool; uses libpcap.
| | File Size: | 278528 | | Last Modified: | Aug 16 20:02:27 1999 |
| MD5 Checksum: | 359fbf8dbbb385953d7fcbb678041ce9 |
|
| /// File Name: |
fragrouter-1.6.tar.gz |
Description:
|
Fragrouter v1.6 - Fragrouter is aimed at testing the correctness of a NIDS, according to the specific TCP/IP attacks listed in the Secure Networks NIDS evasion paper. Other NIDS evasion toolkits which implement these attacks are in circulation among hackers or publically available, and it is assumed that they are currently being used to bypass NIDSs.
| | File Size: | 277726 | | Last Modified: | Sep 23 01:36:37 1999 |
| MD5 Checksum: | 73fdc73f8da0b41b995420ded00533cc |
|
| /// File Name: |
treeps-1.1.0.tar.gz |
Description:
|
treeps 1.1.0 - Treeps is a X/Motif program for Unix/Linux that is designed to make monitoring and interacting with the running programs on your system easy and intuative. A "real time" tree view shows the relationships between the processes and is color coded to provide easy interpretation of various values. The process tree displays any combination of users/groups and can be used to drill down into process details and then extract key fields for continous monitoring.
| | Author: | George MacDonald | | Changes: | Process Activity "LED's" to show state/load/priority, leader bars to show /group/session leaders, process tips for mouseover glances at key process info, many icon bar changes, color icons, larger and more icons, much more linux info, better user/group selection from group/user tree dialog, std. usage of colors, better auto sizing of window, many layout changes (esp star layout), RPM packages, KDE install script, man/strace/renice processes, renice subtree, single click kill, and many bug fixes. | | File Size: | 276357 | | Last Modified: | Aug 16 20:02:44 1999 |
| MD5 Checksum: | 6a8c7ab7b0a851ee9d34a651d4ab2540 |
|
| /// File Name: |
netl-1.09.tar.gz |
Description:
|
netl v1.09 is a network logger/sniffer suitable for TCP/IP over Ethernet and loopback which provides functionality not found in similar programs. netl is capable of logging everything from pings to telnet, including low level IP like SYNs and RSTs.
| | Author: | Graham Ollis | | Homepage: | http://www.netl.org | | Changes: | Added perl/Tk interface, fixed some bugs. | | File Size: | 275120 | | Last Modified: | Sep 19 20:43:20 2001 |
| MD5 Checksum: | 8bd85e4f9398ec16cdee9dfe9577628b |
|
| /// File Name: |
honeyd-0.5.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Bug fixes and improvements. | | File Size: | 272149 | | Last Modified: | Apr 15 04:29:12 2003 |
| MD5 Checksum: | 3aec5101f44ef21b29c213496d92c1c1 |
|
| /// File Name: |
integrit-4.1.tar.gz |
Description:
|
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
| | Homepage: | http://integrit.sourceforge.net | | Changes: | Fixed exit status, considering missing files correctly as a change. | | File Size: | 271626 | | Last Modified: | Jun 6 18:30:51 2007 |
| MD5 Checksum: | f51a5b558981a5d90e7d6f4e7e269a46 |
|
| /// File Name: |
puresecure-1.6-personal.tar.gz |
Description:
|
Demarc PureSecure is a tool that combines all major aspects of network security into a centralized location. It integrates Network Intrusion Detection using the Snort IDS engine with host-based System Integrity Verification and a distributed plugin-based Extensible Service Monitoring system. Screenshots available here.
| | Homepage: | http://www.demarc.com | | Changes: | Numerous and significant changes made to the current features, and the addition of many more. Lots of bugs were fixed. | | File Size: | 268790 | | Last Modified: | Apr 24 22:28:01 2002 |
| MD5 Checksum: | d608f583c21814c00e80c5f12b82f11d |
|
| /// File Name: |
aide-0.11.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | Various bug fixes. | | File Size: | 266978 | | Last Modified: | Feb 25 21:08:59 2006 |
| MD5 Checksum: | 9a44e5386b0355ef57c60f627ff4d085 |
|
| /// File Name: |
radmind-0.9.2.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | User support has been added to the server with PAM, and there is a new version of libsnet. Bugs were fixed. | | File Size: | 266349 | | Last Modified: | Dec 18 12:13:05 2002 |
| MD5 Checksum: | c2ecfdba298bb324f4196ef5d063ba9c |
|
| /// File Name: |
integrit-4.0.tar.gz |
Description:
|
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
| | Homepage: | http://integrit.sourceforge.net | | Changes: | Updated output format for "new" file checksums to match "removed". | | File Size: | 266001 | | Last Modified: | Aug 17 02:26:02 2006 |
| MD5 Checksum: | 2f6a7e28e48b0cbc8214648e3224703b |
|
| /// File Name: |
integrit-3.05.tar.gz |
Description:
|
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
| | Homepage: | http://integrit.sourceforge.net | | Changes: | Documented Chris Johns changes and updated Makefile targets for developers. | | File Size: | 262784 | | Last Modified: | Sep 22 03:22:14 2005 |
| MD5 Checksum: | a251a27f6b815e51c356cf81e8f2dc5e |
|
| /// File Name: |
tcpreplay-1.0.1.tar.gz |
Description:
|
Tcprelay v1.0.1 - Tcpreplay is aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn't exercise the application/protocol inspection that a NIDS performs, and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.
| | File Size: | 252686 | | Last Modified: | Sep 23 01:36:39 1999 |
| MD5 Checksum: | 4b9335761e9202abfc175c06b169e991 |
|
| /// File Name: |
review-1.5.tar.gz |
Description:
|
review-1.5.tar.gz
| | File Size: | 251932 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | 9c76f06e2eff65cf2c7b525fc4068008 |
|
| /// File Name: |
grundschober_1998.letter.ps.gz |
Description:
|
Sniffer Detector Report, Diploma Thesis, June 1998.
| | Author: | Stephane Grundschober | | File Size: | 242029 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | 5ac207af8e5c5de735b4ae595fbbc7ca |
|
| /// File Name: |
radmind-0.9.3.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Fixed connection accepting code, added argument checking, and various other bug fixes. | | File Size: | 238988 | | Last Modified: | Jan 27 13:41:21 2003 |
| MD5 Checksum: | a1f5f6d35263239c8e9ed78bea69ad7b |
|
| /// File Name: |
top-3.5beta9.tar.gz |
Description:
|
Top - A Top-CPU Usage Display provides a rolling display of top-CPU using processes on a Unix system. It also displays other information about the overall health of the system, including load averages and memory utilization. Numerous portability patches and optimizations in this release.
| | Author: | William LeFebvre | | File Size: | 234762 | | Last Modified: | Aug 16 20:02:44 1999 |
| MD5 Checksum: | 70d5f5461bb45a53c207557c354e8108 |
|
| /// File Name: |
firestorm-0.4.6.tar.gz |
Description:
|
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor but there are plans are to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Fixed a bug which caused tcpdump log files to get overwritten. The TCP state tracking code was completely rewritten and is now much more accurate and efficient. Support for HTTP URI content matching was added. Snort signatures are now bundled with default packages. | | File Size: | 226441 | | Last Modified: | Aug 21 01:52:18 2002 |
| MD5 Checksum: | e8be7fbdee729a9e2d862d16fcbcefc3 |
|
| /// File Name: |
aide-0.7.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determening which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | Bug fixes, support for compressed database using zlib, and updated Mhash support along with linkname checking. | | File Size: | 219837 | | Last Modified: | May 9 18:52:22 2000 |
| MD5 Checksum: | 0b2ed9eb3b608a19418800b87f5be848 |
|
| /// File Name: |
aide-0.9.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | Now has the ability to compare two databases, support for using HMAC to verify configuration and the database, and includes bugfixes. | | File Size: | 216096 | | Last Modified: | Jun 5 01:14:41 2002 |
| MD5 Checksum: | 877b1f515a9e25afda75e06805d687fb |
|
| /// File Name: |
aide-0.6.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determening which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | A lot of bug fixes. MD-sums were again broken; please update. | | File Size: | 212475 | | Last Modified: | Feb 8 13:55:35 2000 |
| MD5 Checksum: | 3697a80834816c022756acdbb4c8ec21 |
|
| /// File Name: |
top-3.5beta6.tar.gz |
Description:
|
A Top-CPU Usage Display.
| | Author: | William LeFebvre | | File Size: | 209405 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | 4627b01bde558f4fcb3d8dbd0ad10a07 |
|
| /// File Name: |
capture-server-2.1.0-300-src.zip |
Description:
|
Capture is a high interaction client honeypot / honeyclient. A client honeypot/ honeyclient is a security technology that allows one to find malicious servers on a network. Capture identifies malicious servers by interacting with potentially malicious servers using a dedicated virtual machine and observing its system state changes. If a system state change is detected, since no other activity occurs on the dedicated client machine, the server Capture interacted with is classified as malicious. This is the source code for the server.
| | Homepage: | https://projects.honeynet.org/capture-hpc | | File Size: | 207257 | | Last Modified: | Apr 29 20:29:45 2008 |
| MD5 Checksum: | 34ea2bc70bcba80e269f0064e798c9e8 |
|
| /// File Name: |
prosum_0.28.tgz |
Description:
|
ProSum is a console based program that protects your files, sys_call_table and IDT in a manor similar to tripwire (All in user space, without kernel modules). In addition, database with files etc. could be encrypted with Blowfish algorithm and files that are protected could be store at any secure/bastion host to later replace them. ProSum could be run on any UNIX system, at least with file protect mode (without IDT and sys_call_table support).
| | Author: | Fkt | | Homepage: | http://prosum.sourceforge.net | | File Size: | 206508 | | Last Modified: | Sep 12 07:20:00 2002 |
| MD5 Checksum: | c1b76d2566d99e47f62152a0465e73c7 |
|
| /// File Name: |
demarc-1.05-stable.tar.gz |
Description:
|
Unavailable.
| | File Size: | 199214 | | Last Modified: | Nov 12 21:16:23 2001 |
| MD5 Checksum: | c7e9585b1c50df16c7c97566dffbc9e6 |
|
| /// File Name: |
aide-0.8.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | Lots of bugs were fixed! A syslog backend was added. The report format was changed. Lots of parameters were added. ACL support for SunOS 5.x (and compatibles) was added. libgcrypt is now separate and required. | | File Size: | 197272 | | Last Modified: | Feb 19 02:43:06 2002 |
| MD5 Checksum: | 84b608ccf5051d41a8ccfee87ced5428 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
