Section: .. / UNIX / IDS /
| /// File Name: |
prelude-manager-0.8.4.tar.gz |
Description:
|
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
| | Homepage: | http://prelude.sourceforge.net | | Changes: | Bugs fixed, and corrects OpenSSL, PgSQL, and MySQL detection. | | File Size: | 409510 | | Last Modified: | Sep 5 17:04:00 2002 |
| MD5 Checksum: | 3021934c7782b155cf240c75519aaf46 |
|
| /// File Name: |
pmids-1.5.tar.gz |
Description:
|
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found.
| | Author: | Redox | | Homepage: | http://autosec.sourceforge.net | | Changes: | Bug fixes and some cool improvements. | | File Size: | 14746 | | Last Modified: | Aug 30 01:58:32 2002 |
| MD5 Checksum: | bd319ae6afaabd837ee24d4c0c4fa04d |
|
| /// File Name: |
prelude-manager-0.8.3.tar.gz |
Description:
|
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
| | Homepage: | http://prelude.sourceforge.net | | File Size: | 372329 | | Last Modified: | Aug 30 01:41:34 2002 |
| MD5 Checksum: | b9097c765fd7e396dca45398dc84ab88 |
|
| /// File Name: |
prelude-nids-0.8.1.tar.gz |
Description:
|
Prelude NIDS is the network sensor part of the Prelude Hybrid IDS suite. It provides network monitoring with fast pattern matching (Boyer-Moore) to detect attacks against a network. Includes protocol and detection analysis plugins featuring Telnet, RPC, HTTP, and FTP decoding and preprocessors for cross-platform polymorphic shellcodes detection, ARP misuse detection, and scanning detection. It supports IP fragmentation and TCP segmentation to track connections and detect stateful events.
| | Homepage: | http://prelude.sourceforge.net | | File Size: | 658730 | | Last Modified: | Aug 30 01:40:10 2002 |
| MD5 Checksum: | ffaa17e6694f12b8d5ede91c1fbdf22d |
|
| /// File Name: |
samhain-1.6.0.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | This release fixes a bug that may cause filename truncation if a filename with special (e.g. non-ASCII) characters is logged to an SQL database. | | File Size: | 710169 | | Last Modified: | Aug 30 01:35:22 2002 |
| MD5 Checksum: | 1c093de9806603868856393247c6f61f |
|
| /// File Name: |
firestorm-0.4.6.tar.gz |
Description:
|
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor but there are plans are to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Fixed a bug which caused tcpdump log files to get overwritten. The TCP state tracking code was completely rewritten and is now much more accurate and efficient. Support for HTTP URI content matching was added. Snort signatures are now bundled with default packages. | | File Size: | 226441 | | Last Modified: | Aug 21 01:52:18 2002 |
| MD5 Checksum: | e8be7fbdee729a9e2d862d16fcbcefc3 |
|
| /// File Name: |
shoneypot-0.2.tar.gz |
Description:
|
Single Honeypot simulates many services - SMTP, HTTP, shell, and FTP. It can pretend to be many OS's, such as Windows FTP systems, Windows SMTP systems, different Linux distributions, and some Posix distributions.
| | Homepage: | http://sourceforge.net/projects/single-honeypot | | Changes: | Added install script, and added more responses to the SMTP target. | | File Size: | 12140 | | Last Modified: | Aug 14 02:06:59 2002 |
| MD5 Checksum: | 12b81eaafcaad1dde6291f4c1b79823c |
|
| /// File Name: |
honeyd-0.3.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Included UDP support (including proxying), and many bugfixes. | | File Size: | 135998 | | Last Modified: | Jul 31 03:08:32 2002 |
| MD5 Checksum: | 027c507bb165bea70403309e4445c601 |
|
| /// File Name: |
samhain-1.5.4.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Fixes potential buffer overflow in the client/standalone code of samhain, versions 1.3.4 to 1.5.3 if compiled with the 'stealth' or 'micro-stealth' option. Other bugs were fixed. | | File Size: | 708073 | | Last Modified: | Jul 24 00:26:29 2002 |
| MD5 Checksum: | 52b87501bf469a7731b3d0207232ca5d |
|
| /// File Name: |
clownids.tgz |
Description:
|
ClownIDS v1.0 verifies the md5 checksums of files and mails the admin and runs scripts when a problem is found.
| | Author: | Mimayin | | Homepage: | http://lsa.mine.nu | | File Size: | 5189 | | Last Modified: | Jul 5 20:30:27 2002 |
| MD5 Checksum: | 866ca32bbd6963b29101fa3e3a2a7889 |
|
| /// File Name: |
logwatch-3.3.tar.gz |
Description:
|
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
| | Homepage: | http://www.logwatch.org | | Changes: | Fixed the iptables and sendmail parsing routines. Some Solaris compatibility changes were made. An arpwatch filter was added. | | File Size: | 53647 | | Last Modified: | Jul 4 04:48:31 2002 |
| MD5 Checksum: | c559a05283e575531845b44f8787bf2d |
|
| /// File Name: |
pmids-1.3.tgz |
Description:
|
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found.
| | Author: | Redox | | Homepage: | http://www.darkie.net/modules.php?op=modload&name=Downloads&file=index&req=viewdownloaddetails&lid=22&ttitle=Poor_Man's_IDS | | Changes: | New self-check portion, a new ability to pull signatures from a remote location (default is the author's Web site, and you must have wget for this feature to work). | | File Size: | 3127 | | Last Modified: | Jun 12 23:13:49 2002 |
| MD5 Checksum: | 6bc9015ccff5dd993e1b7d4549c80f2a |
|
| /// File Name: |
firestorm-0.4.4.tar.gz |
Description:
|
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor but there are plans are to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Added TCP stateful inspection, a 'fragoffset' matcher and the 'stateless' keyword were added. Bugs were fixed. | | File Size: | 146635 | | Last Modified: | Jun 10 03:19:32 2002 |
| MD5 Checksum: | 91f13cdc017c0ebb3c21ff230db198c3 |
|
| /// File Name: |
aide-0.9.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | Now has the ability to compare two databases, support for using HMAC to verify configuration and the database, and includes bugfixes. | | File Size: | 216096 | | Last Modified: | Jun 5 01:14:41 2002 |
| MD5 Checksum: | 877b1f515a9e25afda75e06805d687fb |
|
| /// File Name: |
firestorm-0.4.3.tar.gz |
Description:
|
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor but there are plans are to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Lots of bugs have been fixed. An 802.1q (VLAN) decode plugin has been added. | | File Size: | 143763 | | Last Modified: | Jun 3 01:48:29 2002 |
| MD5 Checksum: | 47b4ad43b07f648553dc77cadf44b1a7 |
|
| /// File Name: |
samhain-1.51a.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Fixes some bugs introduced with new features in version 1.5.0. | | File Size: | 698190 | | Last Modified: | Jun 3 01:41:29 2002 |
| MD5 Checksum: | bf6d05dd90a641d2bc5e4a222f2ce365 |
|
| /// File Name: |
puresecure-1.6-personal.tar.gz |
Description:
|
Demarc PureSecure is a tool that combines all major aspects of network security into a centralized location. It integrates Network Intrusion Detection using the Snort IDS engine with host-based System Integrity Verification and a distributed plugin-based Extensible Service Monitoring system. Screenshots available here.
| | Homepage: | http://www.demarc.com | | Changes: | Numerous and significant changes made to the current features, and the addition of many more. Lots of bugs were fixed. | | File Size: | 268790 | | Last Modified: | Apr 24 22:28:01 2002 |
| MD5 Checksum: | d608f583c21814c00e80c5f12b82f11d |
|
| /// File Name: |
logwatch-2.7.tar.gz |
Description:
|
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
| | Homepage: | http://www.logwatch.org | | Changes: | If you are running v2.4 or below it is imperative that you upgrade! This version supports multiple copies of the same command (such as *remove) in config files, no longer requires an = sign when no arguments are given, and adds some more filtering. | | File Size: | 35965 | | Last Modified: | Apr 6 02:32:09 2002 |
| MD5 Checksum: | c193360765959f2b6126dee663f3e207 |
|
| /// File Name: |
mod_protection-0.0.2.tar.gz |
Description:
|
Mod_protection is an apache module that integrate basic function of an IDS (intrusion detection system) and of a firewall (just an emulation for now). Your apache administrator have only to install mod_protection and define rules. A normal NIDS can't check SSL protected traffic, where mod_protection can. When a malicious client sends a request that matches on your rules the administrator will be warned and the client gets a user defined page or a error or warning.
| | Author: | Yaroze | | Homepage: | http://www.twlc.net | | Changes: | Three new directives - BlockTime, PairAlert, and PairAlertMatch. Blocktime does firewall emulation. Updated docs. Rules are now in an external file. | | File Size: | 46164 | | Last Modified: | Mar 20 01:58:54 2002 |
| MD5 Checksum: | 021f1fcdf44ec86204c47ee92eca0a2b |
|
| /// File Name: |
samhain-1.4.6.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Fixes a compile error with --enable-xml on non-Linux systems and a problem with the hiding kernel module on new Linux kernels has been fixed (files were hidden, but the samhain process was visible). | | File Size: | 706263 | | Last Modified: | Mar 20 01:40:57 2002 |
| MD5 Checksum: | b7a160b89e91821412b9e7d6404cf8dd |
|
| /// File Name: |
bubblegum-1.0.tar.gz |
Description:
|
Bubblegum is a daemon written in C which watches a file's access, modification, and inode change times, logging the changes. It can run an external command, read files from a filelist, and more.
| | Homepage: | http://cyclic.sourceforge.net/bubblegum | | Changes: | A fix for a Linux compile problem, syslogd support, and a couple of other bugfixes. | | File Size: | 15752 | | Last Modified: | Mar 8 01:48:57 2002 |
| MD5 Checksum: | 1389a0c513dd703700de51cd7301a084 |
|
| /// File Name: |
mod_protection-0.0.1.tar.gz |
Description:
|
Mod_Protection is an apache module that integrate basic function of an IDS (intrusion detection system) and of a firewall (not yet). Your apache administrator have only to install mod_protection and define rules. When a malicious client sends a request that matches on your rules the administrator will be warned and the client gets a user defined page or a error or something that notifies that now he will be persecuted or ... The warning system just write on a socket, so you can put on the other side of the socket an application that send you a mail, an SMS, a message in your favorite IM or a notify in your IRC client.
| | Author: | Yaroze | | Homepage: | http://www.twlc.net | | File Size: | 26222 | | Last Modified: | Mar 6 12:33:27 2002 |
| MD5 Checksum: | 6fb1604b85b63660b43d0806103a3d84 |
|
| /// File Name: |
nabou-2.0.tar.gz |
Description:
|
nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
| | Author: | Thomas Linden | | Homepage: | http://www.nabou.org | | Changes: | Fixed some major bugs. | | File Size: | 51477 | | Last Modified: | Feb 19 02:47:35 2002 |
| MD5 Checksum: | 0c60cccfe62bccc9121edfdcd307f2ed |
|
| /// File Name: |
aide-0.8.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | Lots of bugs were fixed! A syslog backend was added. The report format was changed. Lots of parameters were added. ACL support for SunOS 5.x (and compatibles) was added. libgcrypt is now separate and required. | | File Size: | 197272 | | Last Modified: | Feb 19 02:43:06 2002 |
| MD5 Checksum: | 84b608ccf5051d41a8ccfee87ced5428 |
|
| /// File Name: |
samhain-1.4.4.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Fixes a bug that on some machines caused the daemon to abort immediately after startup. Also a bug has been fixed that caused unnecessary device access by erroneously following symlinks to devices. | | File Size: | 703757 | | Last Modified: | Feb 19 02:30:21 2002 |
| MD5 Checksum: | c618ffeb8a3066131770171dae1ae4e7 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
