Section: UNIX / IDS
/// File Name: sockstat.c
Description: SocketStat v1.0 - by Richard Steenbergen and Drago. Inspired by dreams, coded by nightmares. Nifty way to find which processes are using what sockets. Can be used to detect users who clone on irc, connect where they shouldn't (bots on non-bot servers), are running hidden servers, etc.
File Size: 8826 | Last Modified: Sep 30 16:30:27 1999
MD5 Checksum: f00ff838c3e2432ccc6b04826912c153

/// File Name: killerd-0_2.tar.gz
Description: A daemon which kills shells with idle time above a certain limit.
Author: Martin Mares.
File Size: 4958 | Last Modified: Sep 30 16:28:13 1999
MD5 Checksum: 66d631dcc7c53f6bbe6e6f449ed3e351

/// File Name: tcpreplay-1.0.1.tar.gz
Description: Tcpreplay v1.0.1 - Tcpreplay is aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic, which doesn't exercise the application/protocol inspection that a NIDS performs and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.
File Size: 252686 | Last Modified: Sep 23 01:36:39 1999
MD5 Checksum: 4b9335761e9202abfc175c06b169e991

/// File Name: fragrouter-1.6.tar.gz
Description: Fragrouter v1.6 - Fragrouter is aimed at testing the correctness of a NIDS, according to the specific TCP/IP attacks listed in the Secure Networks NIDS evasion paper. Other NIDS evasion toolkits which implement these attacks are in circulation among hackers or publicly available, and it is assumed that they are currently being used to bypass NIDSs.
File Size: 277726 | Last Modified: Sep 23 01:36:37 1999
MD5 Checksum: 73fdc73f8da0b41b995420ded00533cc

/// File Name: rpc_gotcha_beta1.0-Sep-Tue-99-12.ta..>
Description: Rpc_Gotcha is a network based intrusion detection tool for detecting rpc based scans and attacks (buffer overflows). The program will passively sit on the network perimeter and process packets while analyzing the rpc message data payload looking for signs of a possible attack. Rpc_Gotcha will log all rpc calls made to the network and display payload data for possible attacks.
Author: Chad Renfro.
File Size: 9285 | Last Modified: Sep 17 14:42:12 1999
MD5 Checksum: f5b3648c6088111ec72e16652246bc3a

/// File Name: aafid2-0.10.tar.gz
Description: AAFID is a distributed monitoring and intrusion detection system that employs small stand-alone programs/Agents to perform monitoring functions in the hosts of a network. AAFID uses a hierarchical structure to collect the information produced by each agent, by each host, and by each set of hosts, to be able to detect suspicious activity. This release is a prototype and does not implement full functionality. All modules of the system are written in Perl, and thus it is extremely portable. Although some of the Agents included with AAFID2 perform NIDS functionality, the system as a whole is a host-based intrusion detection system.
Homepage: http://www.cerias.purdue.edu/coast/projects/autonomous-agents.html
File Size: 1476810 | Last Modified: Sep 10 20:40:00 1999
MD5 Checksum: ac5bfe89ee4e9b1485c41b91af072d46

/// File Name: aide-0.4.tar.gz
Description: AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
Author: Rami Lehti
File Size: 182481 | Last Modified: Aug 25 07:53:47 1999
MD5 Checksum: 0eb1a79e5e0b96f876033310ee047535

/// File Name: drawbridge-2.0.1.tar.gz
Description: Packet filter that allows you to control IP packets going to and from your LAN and the Internet.
File Size: 429364 | Last Modified: Aug 16 20:03:15 1999
MD5 Checksum: 575fa565254832e202340636c7d72b1f

/// File Name: hummer-A-062799.tar.gz
Description: See above.
File Size: 981941 | Last Modified: Aug 16 20:03:15 1999
MD5 Checksum: bfbccb1fe39714dd690884c98296b5c4

/// File Name: icmpinfo-1.11.tar.gz
Description: Tracks ICMP packets, allowing you to proactively watch for suspicious behaviour, mainly ICMP unreachables.
File Size: 13712 | Last Modified: Aug 16 20:03:15 1999
MD5 Checksum: 65c3acdf2f87f9ab9aa1a055d76f8976

/// File Name: unix.zip
Description: unix.zip
File Size: 45314377 | Last Modified: Aug 16 20:03:14 1999
MD5 Checksum: 602820f7be369655bb30e58b50337e63

/// File Name: bgcheck-0.5.tar.gz
Description: bgcheck 0.5 - bgcheck is a process monitor for Linux written in perl that can be used by administrators to limit the number of background processes that each user can run.
Author: blue.
Changes: added support for long usernames, fixed ftpd spawn detection to work with proftpd, possibly others.
File Size: 6206 | Last Modified: Aug 16 20:02:47 1999
MD5 Checksum: a9f62bd27c830d84b9d7d2c4665f6f2a

/// File Name: ctm-1.2.tar.gz
Description: ctm 1.2 - CTM is an SNMP interface statistics gatherer which works as a daemon and polls SNMP capable routers in regular intervals and puts the gathered information into a database. Information gathered includes operational status of the interface, octets and packets sent and received, line errors, and queue discards, but CTM can easily be changed to log any interface specific SNMP variable. CTM comes with an example report script which gives traffic and line error summaries for certain periods of time.
Author: Lars Fenneberg.
Changes: Version 1.2 corrects delta counters accordingly when the router is rebooted.
File Size: 29374 | Last Modified: Aug 16 20:02:47 1999
MD5 Checksum: 31d9138ff9dc261b78c50092649863e1

/// File Name: decfingerd-0.6.tar.gz
Description: dfingerd v0.6 takes the place of your original finger service, providing totally false information to clients. This can be useful to catch people trying to crack your server, or to just really confuse them. You can define output for individual users, empty requests, and forward requests to another system.
Author: Jon Beaton.
File Size: 3164 | Last Modified: Aug 16 20:02:47 1999
MD5 Checksum: def43c1a780975756a13905667886685

/// File Name: gogmagog-4.tar.gz
Description: gogmagog 4 - GogMagog is a multiplatform sysadmin tool for monitoring the integrity of networkwide systems. Communication between the Magog server (ideally a PC running Linux) and the Gog hosts relies on FTP only, so it is relatively network architecture independent. Sysadmins monitor their machines at a glance, through a very simple WWW graphical interface (named GogView) on the server. GogMagog works on Linux, AIX, HP-UX and Solaris.
Author: C. Parisel.
Changes: encrypted profiles, security improvements.
File Size: 31625 | Last Modified: Aug 16 20:02:47 1999
MD5 Checksum: 973b264138f4cc0f732242cd96f7d54c

/// File Name: lslk_1.25_W.tar.gz
Description: lslk_1.25_W.tar.gz
File Size: 80900 | Last Modified: Aug 16 20:02:47 1999
MD5 Checksum: 89818f576e10d560f8f806ea8894ff8f

/// File Name: slocate-1.6.tar.gz
Description: Secure Locate 1.6 - Secure locate provides a secure way to index and quickly search for files on your system. It uses incremental encoding just like GNU locate to compress its database to make searching faster, but it will also store file permissions and ownership so that users will not see files they do not have access to. It is a bit slower than GNU locate, but that's the price for security.
Author: Kevin Lindsay.
Changes: Optimized some code to make updating the database much faster, patched to allow smoother installation on FreeBSD, and some other minor bug fixes.
File Size: 19413 | Last Modified: Aug 16 20:02:47 1999
MD5 Checksum: 6096f7b0e4c4761bb2257dd83405bdb9

/// File Name: swatch-3.0b1.tar.gz
Description: Swatch, the Simple Watch Daemon, is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
Author: Todd Atkins
Homepage: http://www.stanford.edu/~atkins/swatch/
Changes: Fixed a big bug involving key value assignment when throttling.
File Size: 17819 | Last Modified: Aug 16 20:02:47 1999
MD5 Checksum: 5969ec109979acd91b743815dda20a18

/// File Name: sxid_4.0.0.tar.gz
Description: sXid 4.0.0 - sXid is an all in one suid/sgid monitoring program designed to be run from cron on a regular basis. Basically it tracks any changes in your s[ug]id files and folders. If there are any new ones, ones that aren't set any more, or they have changed bits or other modes then it reports the changes in an easy to read format via email or on the command line.
Author: Ben Collins.
Changes: numerous - see the changelog file.
File Size: 43714 | Last Modified: Aug 16 20:02:47 1999
MD5 Checksum: f6a48e33024abc347df8606cc45fdd24

/// File Name: wsm-0.9.5.tgz
Description: WSM: Web based System Monitor v0.9.5 is a Web accessible System Monitor for Linux featuring: Kernel (uname, lsmod, cpuinfo, free), Syslog (syslog, messages), Users (who), Jobs (ps -axjf), Disks (mount, df), Network (netstat -n), Routes (route -n), ISDN (imontty), VBox (vboxadm), IP Accounting (acct).
Author: Dirk G.K. Mueller.
File Size: 22167 | Last Modified: Aug 16 20:02:47 1999
MD5 Checksum: 451cbd6769df7dc06fbe7f5e7c7924a0

/// File Name: ViperDB-0.7.tar.gz
Description: ViperDB 0.7 - ViperDB was created as a smaller and faster option to Tripwire. ViperDB does not use a fancy all-in-one database to keep records. Instead it uses a plaintext db which is stored in each "watched" directory. By using this there is no real one attack point for an attacker to focus his attention on. This coupled with the running of ViperDB every 5 minutes (via cron root job) decreases the likelihood that an attacker will be able to modify your "watched" filesystem while ViperDB is monitoring your system.
Author: J-Dog.
Changes: Now logs to a standard logging facility instead of an individual file. Added '-checkstrict' functionality which changes permissions/owner/group back to what they were before the change was made to the file. Added exception(s) to '-checkstrict' which removes all permissions from the changed file if the file originally was SUID/GUID. Changed way filesystem changes are seen by admin, now a change only sends an alert to the logs once instead of repeatedly.
File Size: 4234 | Last Modified: Aug 16 20:02:46 1999
MD5 Checksum: 1809efd2508e5987e6a8d98139bf7e07

/// File Name: bgcheck-0.4.tar.gz
Description: bgcheck 0.4 - bgcheck is a process monitor for Linux written in perl that can be used by administrators to limit the number of background processes that each user can run.
Author: blue.
Changes: Fixed major problems handling ftp processes and added exception list for programs.
File Size: 5635 | Last Modified: Aug 16 20:02:46 1999
MD5 Checksum: 914c853198372275c51a07f8ba80f883

/// File Name: ctm-1.0.tar.gz
Description: CTM 1.0 is your basic SNMP Traffic Monitor.
Author: CTM web site.
File Size: 28903 | Last Modified: Aug 16 20:02:46 1999
MD5 Checksum: 1ca5b5279411facaddef1fd5d002fdfe

/// File Name: ctm-1.1.tar.gz
Description: CTM 1.1 is your basic SNMP Traffic Monitor.
Author: CTM web site.
File Size: 29164 | Last Modified: Aug 16 20:02:46 1999
MD5 Checksum: 8904a579f247d4ee16a172c387e7d2c6

/// File Name: emonitor-v-0.6.tar.gz
Description: emonitor 0.6 is a notification, action-based system for network, system and application monitoring. emonitor includes the following tools: emsrvmsg (Event Monitor Server Message), emsrvcmd (Event Monitor Server Command), emtlog (Event Monitor Transaction Logger), emconsole (Event Monitor Console), emputcmd (Event Monitor Put Command), emputmsg (Event Monitor Put message). The Event Monitor Project.
File Size: 409580 | Last Modified: Aug 16 20:02:46 1999
MD5 Checksum: 419b432a7d2d4ccf09d4b5754602378c