Section: .. / UNIX / IDS /
File Name: monitord-4.0beta.tar.gz
Description: The Network Security Monitor Daemon is a lightweight (distributed?) network security monitor for TCP/IP LANs which will capture certain network events and record them in a relational database. The recorded data is then made available for analysis via a CGI-based interface.
Homepage: http://sourceforge.net/projects/monitord
Changes: Improved security - No threads run as root. Added a new statistical thread and an HTTP server thread (which serves statistics in XML/XSL).
File Size: 34185
Last Modified: Dec 18 01:02:29 2001
MD5 Checksum: ce6dfe55f8de34afa03e3e5d51685b7a

File Name: swatch-3.0.4.tar.gz
Description: Swatch, the Simple Watch Daemon, is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user-specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
Author: Todd Atkins
Homepage: http://www.stanford.edu/~atkins/swatch/
Changes: Fixed a big bug involving key value assignment when throttling.
File Size: 24157
Last Modified: Nov 14 03:00:20 2001
MD5 Checksum: ce290dd2cae6ce834f59e24d97a30d3b

File Name: demarc-1.05-stable.tar.gz
Description: Unavailable.
File Size: 199214
Last Modified: Nov 12 21:16:23 2001
MD5 Checksum: c7e9585b1c50df16c7c97566dffbc9e6

File Name: firestorm-0.2.2.tar.gz
Description: Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
Homepage: http://www.scaramanga.co.uk/firestorm
Changes: Many Snort compatibility fixes were made. All the Snort 1.7 rules work. Most of the Snort 1.8 rules work. Lots of bugs were fixed.
File Size: 179057
Last Modified: Sep 27 01:22:02 2001
MD5 Checksum: 3d4249dc04cb8ae49d422e4bbcadb656

File Name: netl-1.09.tar.gz
Description: netl v1.09 is a network logger/sniffer suitable for TCP/IP over Ethernet and loopback which provides functionality not found in similar programs. netl is capable of logging everything from pings to telnet, including low-level IP like SYNs and RSTs.
Author: Graham Ollis
Homepage: http://www.netl.org
Changes: Added Perl/Tk interface, fixed some bugs.
File Size: 275120
Last Modified: Sep 19 20:43:20 2001
MD5 Checksum: 8bd85e4f9398ec16cdee9dfe9577628b

File Name: LaBrea.tgz
Description: LaBrea v2.0 is a program that creates a tarpit or, as some have called it, a "sticky honeypot". LaBrea takes over unused IP addresses on a network and creates "virtual machines" that answer to connection attempts. LaBrea answers those connection attempts in a way that causes the machine at the other end to get "stuck", sometimes for a very long time.
Author: Tom Liston
Homepage: http://www.hackbusters.net/LaBrea
Changes: New command line option -p to keep TCP connections in the "persist" state, which can hold on to threads for a long time.
File Size: 23860
Last Modified: Sep 18 23:23:53 2001
MD5 Checksum: 7365fb2beff6fa486908a1419e0de0ae

File Name: swatch-3.0.2.tar.gz
Description: Swatch, the Simple Watch Daemon, is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user-specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
Author: Todd Atkins
Homepage: http://oit.ucsb.edu/~eta/swatch
Changes: Defaults to /var/adm/messages now. Lots of bugs were fixed.
File Size: 24250
Last Modified: Sep 6 01:46:02 2001
MD5 Checksum: 609a50a2c089417f76a6d13635407463

File Name: firestorm-0.2.1.tar.gz
Description: Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
Homepage: http://www.scaramanga.co.uk/firestorm
Changes: Sensors can now send data out to a central server over the Internet. Some bugs were fixed, and work on a firestorm daemon was started.
File Size: 173227
Last Modified: Sep 5 02:10:26 2001
MD5 Checksum: f04e16e415bf5112909eaa51ad2ba81c

File Name: prelude-0.4.2.tar.gz
Description: Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
Homepage: http://prelude.sourceforge.net
Changes: Fixes for people with dynamic IP addresses, a fix for a bug where inversed tests were wrongly reported, a fix for a crash on startup, and other bug fixes.
File Size: 922584
Last Modified: Aug 30 02:22:30 2001
MD5 Checksum: bf008dcec206d595bf8cc43fbf60ce76

File Name: prelude-0.4.1.tar.gz
Description: Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
Homepage: http://prelude.sourceforge.net
Changes: Better configuration, a new Arpspoof detection plugin which detects several ARP attacks, and bug fixes.
File Size: 996042
Last Modified: Aug 18 22:10:41 2001
MD5 Checksum: 2db2101c4e883c43da13c8b73bc59c66

File Name: prelude-0.4.0.tar.gz
Description: Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
Homepage: http://prelude.sourceforge.net
Changes: Includes a new signature engine which can read Snort rulesets. The protocol plugins telnet (handles the telnet/FTP negotiation character), rpc (handles the RPC protocol and provides the RPC key used in several Snort rulesets), and http (handles the uricontent key used in the Snort ruleset) have been added. There is a new XML reporting plugin, and lots of bugfixes.
File Size: 989953
Last Modified: Aug 17 19:43:31 2001
MD5 Checksum: f8808d9a5a30a07ce3a985233a0b9b08

File Name: coderedwarn0_0b2.tar.gz
Description: Code Red Warn is a Perl script which runs as a daemon and watches Apache logs to notify you each time you are scanned with Code Red.
Author: Jonathan Hayward
Homepage: http://JonathansCorner.com
Changes: The recipient list has been adjusted to be more SMTP-compliant. A suggested way to run without keeping bounce messages in queue has been provided. SMTP connections are tested on the remote host before sending, and the 404 on home page download has been fixed.
File Size: 5185
Last Modified: Aug 11 17:09:52 2001
MD5 Checksum: 6fe77e9e6963429809eeb9bc90c79f54

File Name: coderedwarn0.0b.tar.gz
Description: Code Red Warn is a Perl script which runs as a daemon and watches Apache logs to notify you each time you are scanned with Code Red.
Author: Jonathan Hayward
Homepage: http://JonathansCorner.com
File Size: 4896
Last Modified: Aug 11 05:33:21 2001
MD5 Checksum: 3a2b8840b784ba2af90b3188be12c8e2

File Name: acid-0.9.6b12.tar.gz
Description: The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of incidents generated by security software such as IDSs and firewalls (e.g., Snort or ipchains). It provides a search interface for finding alerts matching practically any criteria, including arrival time, signature time, source/dest address/port, flags, payload, etc. ACID also provides the ability to annotate and logically group related events, delete false positives, or archive alerts among databases. A variety of statistics and graphs can be generated based on time, IP address, ports, alert classification, and sensor.
Homepage: http://acidlab.sourceforge.net
File Size: 81899
Last Modified: Aug 4 08:29:14 2001
MD5 Checksum: 52060fdcb7bf9a5604286396e0f4ba02

File Name: firestorm-0.2.0.tar.gz
Description: Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
Homepage: http://www.scaramanga.co.uk/firestorm
Changes: Redesigned packet encode engine which supports encapsulation. A final few issues in the Snort parser have been resolved. A log target (logs to tcpdump files) was added. Bugs were fixed.
File Size: 169767
Last Modified: Jul 25 05:07:12 2001
MD5 Checksum: f48dd7f1d7ff24f5fd12b76f3c91b160

File Name: petrovich-1.0.0.tar.gz
Description: Petrovich is a GPLed filesystem integrity checker similar to Tripwire. It is written in Perl using standard Perl modules available from www.cpan.org. It currently supports Base64 MD2, MD5, and SHA1 hashes. Petrovich has been tested on Windows 2000, OpenBSD 2.6 - 2.8, and RedHat Linux 7.1.
Author: T. Kinch
Homepage: http://sourceforge.net/projects/petrovich
File Size: 17844
Last Modified: Jul 21 00:13:00 2001
MD5 Checksum: a5657c6af0796b8738dc0b07563ba464

File Name: portsentry-1.1.tar.gz
Description: PortSentry is a program designed to detect and respond to port scans against a target host in real-time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time blocking and reporting of violations. All modes support real-time alerting and blocking.
Author: Craig Rowland
Homepage: http://www.psionic.com/abacus/portsentry/
Changes: Added netmask ignoring support, a toggle for DNS lookups, and can prioritize response/external commands. The Linux 2.4 CPU usage bug has been fixed.
File Size: 45871
Last Modified: Jul 17 16:40:36 2001
MD5 Checksum: 782839446b7eca554bb1880ef0882670

File Name: firestorm-0.1.3.tar.gz
Description: Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
Homepage: http://www.scaramanga.co.uk/firestorm
Changes: New TCP flags, ICMP sequence, and ID matchers, bugfixes, a more verbose alert target, and improved documentation.
File Size: 144241
Last Modified: Jun 7 14:50:12 2001
MD5 Checksum: 6535757480bdcaca23579488b294503a

File Name: nabou-1.8.tar.gz
Description: nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
Author: Thomas Linden
Homepage: http://www.nabou.org
Changes: While 1.7 fixed many bugs, it included some new ones. Everybody who has 1.7 in use is urged to upgrade to 1.8. Directory recursion and some other ugly bugs have been fixed. Two new statements are available, and all features of the program have been tested before release.
File Size: 89297
Last Modified: Jun 4 18:09:03 2001
MD5 Checksum: 943b114cfbbbb3476bbecf7339401589

File Name: nabou-1.7.tar.gz
Description: nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
Author: Thomas Linden
Homepage: http://www.nabou.org
Changes: Better command line behavior which now supports more configuration options. It is now possible to completely replace Tripwire with nabou.
File Size: 86637
Last Modified: Jun 1 19:59:06 2001
MD5 Checksum: 555546c4f0041d4eda99fd7e222ae832

File Name: rdC-sf.1.0.tgz
Description: SF (securefiles) is a local intrusion detection system (IDS) which gets the hashes for the specified files and creates a database, which is then encrypted with AES. The executable checks itself, and a phrase (selected at installation) is displayed every time the program runs successfully.
Author: Venomous
Homepage: http://www.rdcrew.com.ar
File Size: 51718
Last Modified: May 30 16:24:48 2001
MD5 Checksum: e0f5bf109f1be32e108aa722ff74d60d

File Name: firestorm-0.1.2.tar.gz
Description: Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
Homepage: http://www.scaramanga.co.uk/firestorm
Changes: This release allows rule criteria to be negated, includes a string/content matcher, support for bidirectional Snort rules, a TTL matcher, an IP ID matcher, and lots of other little fixes.
File Size: 142774
Last Modified: May 29 18:46:32 2001
MD5 Checksum: bc70351bf359f52a926f0e8273d12701

File Name: prelude-0.3.tar.gz
Description: Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
Homepage: http://www.linux-mandrake.com/prelude
Changes: Now includes on-demand SSL authentication and encryption between the Prelude client and the Report server, an HTML reporting plugin, support for the PPPoE layer, avoids duplicate operations between report plugins, and report server support for long options. The backup interface has been improved.
File Size: 636183
Last Modified: May 3 17:35:11 2001
MD5 Checksum: 0334a402975d9adac964bc5527c58a3c

File Name: sentinel-1.2.1c.tar.gz
Description: Sentinel is a fast file integrity checker similar to Tripwire or ViperDB with built-in authentication using the RIPEMD 160-bit MAC hashing function. It uses a single database similar to Tripwire, maintains file integrity using the RIPEMD algorithm and also produces secure, signed logfiles. Its main design goal is to detect intruders modifying files. It also prevents intruders with root/superuser permissions from tampering with its log files and database.
Homepage: http://zurk.sourceforge.net/zfile.html
Changes: Sentinel-user for individual users has been added. The copyright has been changed to the FSF. This release also contains minor makefile updates.
File Size: 443155
Last Modified: Apr 24 21:24:03 2001
MD5 Checksum: 87a55fcb020303d4d8efe60317948c3a