Section: .. / UNIX / IDS /
| /// File Name: |
ng.sh |
Description:
|
ng.sh (netgaurd v1a1) uses tcpdump to monitor for common attacks and then activates ipfwadm.
| | Author: | ben-z | | File Size: | 2700 | | Last Modified: | Aug 16 20:02:45 1999 |
| MD5 Checksum: | 6b861113bde69593d7a9c777c34dde22 |
|
| /// File Name: |
Gbs.c |
Description:
|
Grazer1's Bait System opens a specific port and logs connections to it. Simple and ghetto way to log Netbus requests.
| | Author: | W. ter Maat | | File Size: | 2599 | | Last Modified: | Feb 22 18:40:58 2000 |
| MD5 Checksum: | eb7bffeff5bf8f893bbeb14cdb2f2649 |
|
| /// File Name: |
icmpmon.c |
Description:
|
icmpmon will show you all ICMP packets reaching your box, which could be useful in detecting attacks/portscans sometimes.
| | Author: | CyberPsychotic | | File Size: | 2579 | | Last Modified: | Aug 16 20:02:37 1999 |
| MD5 Checksum: | d5afe56be732dcec59d8890f134620f6 |
|
| /// File Name: |
mat.lsm |
Description:
|
Unavailable.
| | File Size: | 2573 | | Last Modified: | Aug 16 20:02:17 1999 |
| MD5 Checksum: | 671c7a745de08df0a6873076c3d77e4f |
|
| /// File Name: |
openports-0.2.tar.gz |
Description:
|
OpenPorts is a simple script which can be run as a cron job every 5 minutes, checking the open and listening ports on the local system with netstat. If there is a difference since the last time it was run, an e-mail is sent to the system administrator containing the list of new open ports.
| | Author: | Sven Darkman Michaels | | Changes: | Better log analysis, and printing of only the changes. | | File Size: | 2263 | | Last Modified: | Oct 15 18:38:15 2000 |
| MD5 Checksum: | 76384d12f67d37cb17e9d0088d2ee771 |
|
| /// File Name: |
firesoft.tar.gz |
Description:
|
firesoft is a collection of Perl scripts for viewing snort-generated logs and ipchains logs. The package includes a bar chart creator from ipchains logs, to quickly view who has been scanning you the most.
| | Author: | Angelos Karageorgiou | | File Size: | 2026 | | Last Modified: | Nov 8 20:12:30 1999 |
| MD5 Checksum: | 8c68337186a4666bd70651c5764ed602 |
|
| /// File Name: |
seclogv03.tar.gz |
Description:
|
Seclog (security logger) is a log auditing tool written in Perl. It will watch /var/log/messages for suspicious information and notify you via email.
| | Author: | Dilusi0n | | Homepage: | http://www.gotr00t.com/~dilusi0n/ | | Changes: | Major rewrite, all system calls have been removed, works much faster now, more secure, saves backups of the reports/mails it creates. | | File Size: | 1975 | | Last Modified: | Apr 3 20:02:57 2000 |
| MD5 Checksum: | 6ef5106814689b8a023946eaa3002edb |
|
| /// File Name: |
sploitmon.pl |
Description:
|
sploitmon.pl is a simple yet sophisticated perl script that runs in the background to monitor Apache's access_log file for indications of an exploit scan. If one is detected, a new exploit_scan_log file is created with the details. Checks for /cgi-bin/phf, /cgi-bin/nph-test-cgi, and /cgi-bin/whois_raw.cgi.
| | Author: | Bansh33 | | Homepage: | http://www.r00tabega.com | | File Size: | 1902 | | Last Modified: | Jun 29 11:29:47 2000 |
| MD5 Checksum: | aa2fb5d66590141e34932b7013cb78d9 |
|
| /// File Name: |
tmp-audit.tar.gz |
Description:
|
tmp-audit is a tool designed to log directory changes (e.g. /tmp). This release includes a signal-oriented interface instead of sleep().
| | Author: | Proof Of Concept | | File Size: | 1823 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | 4c8e94167bb2a9c5d2716be718c3dee8 |
|
| /// File Name: |
tcp_wrappers_7.6.BLURB |
Description:
|
Blurb for tcp_wrappers_7.6.tar.gz
| | File Size: | 1736 | | Last Modified: | Oct 5 18:31:44 1999 |
| MD5 Checksum: | 627fc45308e852c446c3606647fa8c34 |
|
| /// File Name: |
loginlog.c.gz |
Description:
|
Tails the wtmp file and reports all logins to syslog.
| | File Size: | 1713 | | Last Modified: | Aug 16 20:02:14 1999 |
| MD5 Checksum: | c2b255849cc3e4300c46914c9f3e4268 |
|
| /// File Name: |
trappa.tar.gz |
Description:
|
Trappa detects a CGI scan and sends an alert message to syslog with the attacker's IP and web browser. Works by installing decoy CGI scripts in the cgi-bin directory.
| | Author: | Narrow | | Homepage: | http://www.b0f.com | | File Size: | 1620 | | Last Modified: | May 7 18:26:54 2000 |
| MD5 Checksum: | 363448532830a960dc354287a21ad11f |
|
| /// File Name: |
suidshow.c |
Description:
|
suidshow.c is a Linux LKM that will log any non-root user doing a setuid(0) or a setreuid(0,0) system call. CyberPsychotic
| | File Size: | 1594 | | Last Modified: | Oct 26 20:23:28 1999 |
| MD5 Checksum: | 241bfda6ea160e113020cfd540674192 |
|
| /// File Name: |
sockstat.tar.gz |
Description:
|
Simple C program written to display open ports on a given host. Useful for when things like netstat and sockstat might be backdoored.
| | Author: | duriel | | File Size: | 1583 | | Last Modified: | Jul 9 07:42:07 2006 |
| MD5 Checksum: | 69e90ab3d31c5acc04a8263c800cee6e |
|
| /// File Name: |
0x333hpl.c |
Description:
|
0x333hpl.c compares pids in /proc with ps aux output.
| | Author: | nsn | | Homepage: | http://www.0x333.org | | File Size: | 1569 | | Last Modified: | Apr 1 03:16:45 2003 |
| MD5 Checksum: | 5f2a93e4bdce690ddebb8ea38d6d2320 |
|
| /// File Name: |
mon-0.38.12.tar.gz.sign |
Description:
|
Unavailable.
| | File Size: | 344 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | ad94b4ce8e010a8c818e5ceb65fe5281 |
|
| /// File Name: |
mon-0.38pre7.tar.gz.sign |
Description:
|
PGP signature for mon 0.38pre7.
| | File Size: | 344 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | a421f18650959c0c54f9dc396bf301f2 |
|
| /// Directory: |
/ lsof / |
Description:
|
Unavailable.
| | Total Files: | 35 | | Last Modified: | Sep 5 21:20:51 2007 |
|
| /// Directory: |
/ nidsbench / |
Description:
|
nidsbench is a network intrusion detection system test suite. nidsbench is being published in the hopes that a more precise testing methodology might be applied to network intrusion detection, which is still a black art at best. This release of nidsbench includes fragrouter, which implements all IP fragmentation attacks outlined in T. Ptacek and T. Newsham's "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January, 1998, and tcpreplay, which replays saved tcpdump(8) dumpfiles at arbitrary speeds. nidsbench is published under a BSD-style license, and has been tested on the following platforms: OpenBSD 2.x, FreeBSD 3.x, BSD/OS 2.x, Linux (2.x kernels), Solaris 2.x (tcpreplay only).
| | Author: | Anzen Computing | | Total Files: | 18 | | Last Modified: | Sep 5 21:20:54 2007 |
|
| /// Directory: |
/ samhain / |
Description:
|
Unavailable.
| | Total Files: | 17 | | Last Modified: | Sep 5 21:20:57 2007 |
|
| /// Directory: |
/ cpm / |
Description:
|
Tool for checking network interfaces in promiscuous mode.
| | Total Files: | 8 | | Last Modified: | Sep 5 21:20:48 2007 |
|
| /// Directory: |
/ L6 / |
Description:
|
L6 is a file data integrity checker using both the MD5 and SHA-1 hash algorithms. This tool can detect file tampering based on hashes generated by both algorithms and other inode information. It also provides a useful, lightweight and flexible interface (written in Perl) to verify file data integrity, and the output and functionality resemble those of L5.
| | Author: | Programmaton | | Total Files: | 6 | | Last Modified: | Sep 5 21:20:45 2007 |
|
| /// Directory: |
/ sentinel / |
Description:
|
The Sentinel project is designed to be a portable, accurate implementation of all publicly known promiscuous detection techniques.
| | Total Files: | 5 | | Last Modified: | Sep 5 21:21:00 2007 |
|
| /// File Name: |
argus-1.5.tar.Z |
Description:
|
See below.
| | File Size: | 0 | | Last Modified: | Aug 16 20:02:15 1999 |
| MD5 Checksum: | d41d8cd98f00b204e9800998ecf8427e |
|
| /// File Name: |
riley-0.1.tar.gz |
Description:
|
Unavailable.
| | File Size: | 0 | | Last Modified: | Mar 28 19:49:42 2001 |
| MD5 Checksum: | d41d8cd98f00b204e9800998ecf8427e |
|