Section: .. / sniffers / snort /
| /// File Name: |
snorticus-1.0.tar.gz |
Description:
|
Snorticus is a collection of shell scripts designed to allow easy management of Snort sensors. It allows you to routinely collect Snort sensor data, analyze the data via SnortSnarf, and easily maintain rule files.
| | Author: | Paul Ritchey | | Homepage: | http://snorticus.baysoft.net/ | | File Size: | 15870 | | Last Modified: | Sep 27 16:36:12 2000 |
| MD5 Checksum: | 89cca73c48f8b2da94bfbba6ca02c400 |
|
| /// File Name: |
snort-rep-1.3.tar.gz |
Description:
|
snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions of whitehats.com.
| | Homepage: | http://people.ee.ethz.ch/~dws/software/snort-rep | | Changes: | FreeBSD and Linux syslog parsing has been fixed, and a new "type" column has been added to the portscan report. | | File Size: | 15221 | | Last Modified: | Aug 2 22:02:56 2001 |
| MD5 Checksum: | 39dc7f0601093ac0b24fdb22efa8ad3f |
|
| /// File Name: |
snort-rep-1.2.tar.gz |
Description:
|
snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions of whitehats.com.
| | Homepage: | http://people.ee.ethz.ch/~dws/software/snort-rep | | File Size: | 15073 | | Last Modified: | Jul 21 00:49:04 2001 |
| MD5 Checksum: | 95ba9f128647355241f09664c0685ef5 |
|
| /// File Name: |
snort-rep-1.4.tar.gz |
Description:
|
Snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions of whitehats.com.
| | Homepage: | http://people.ee.ethz.ch/~dws/software/snort-rep | | Changes: | The perl module Parse::Syslog is now used. Sorting of HIGH alerts was fixed. | | File Size: | 15057 | | Last Modified: | Aug 17 19:19:06 2001 |
| MD5 Checksum: | 68aed06e77b7cae7e7f9121e79797a52 |
|
| /// File Name: |
dupl.pl |
Description:
|
dupl.pl v0.4 is a snort rules beautifier which removes duplicate rules from *-lib, vision.conf, and xxxx-rules files.
| | Author: | Zas | | Homepage: | http://www.norz.org | | File Size: | 14617 | | Last Modified: | Aug 14 14:59:15 2000 |
| MD5 Checksum: | a9fd81622de9c25ef6be15f4dfcd356b |
|
| /// File Name: |
incident-1.5.tar.gz |
Description:
|
Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
| | Homepage: | http://www.cse.fau.edu/~valankar | | Changes: | More registrars have been added to the ignore list to avoid sending reports to the wrong people. More WHOIS servers have been added for querying. A '-x' option has been added to only do contact information gathering on a host and dump a list of admin emails to output, and some other minor bugs were corrected. | | File Size: | 12931 | | Last Modified: | Aug 12 21:29:12 2001 |
| MD5 Checksum: | dae08c4cb001ee5be5872329a4a09f62 |
|
| /// File Name: |
snortstart |
Description:
|
Snortstart v0.17 is a bash wrapper script for Snort that aims to install, start, and stop snort in a chroot jail under an unprivileged user and group.
| | Author: | Zas | | Homepage: | http://www.norz.org/software/snortstart.html | | File Size: | 12667 | | Last Modified: | Sep 21 19:45:54 2000 |
| MD5 Checksum: | a82c851f6dc8fbcfd78e21e70f1a994c |
|
| /// File Name: |
Worminator-src.tgz |
Description:
|
A Win32 tool for easing/automating the process of creating IDS/IPS signatures for SMTP-based worms, providing a comfortable GUI, including raw base64 variants and Snort signature support. This tarball is the source version.
| | Author: | Yuri Gushin | | Related File: | Worminator-bin.tgz | | File Size: | 12467 | | Last Modified: | Dec 5 21:38:51 2006 |
| MD5 Checksum: | bdf32a59c2698f26abe112066a65967d |
|
| /// File Name: |
snort-covert.txt |
Description:
|
Snort patch based on the "tcpstatflow" tool and written to be compiled with snort-2.6.1.1 using the stream4 preprocessor. It is designed to detect traffic that is not HTTP / HTTPS / FTP / SMTP, with a reasonable margin of error.
| | Author: | fryxar | | File Size: | 12428 | | Last Modified: | Dec 6 01:42:08 2006 |
| MD5 Checksum: | 1d850cbbfbd2d2b20aeab7d455b919a8 |
|
| /// File Name: |
snort-1.0.1-lib |
Description:
|
This snort-lib ruleset for the latest version of snort has over 150 rules.
| | Author: | Martin Roesch | | File Size: | 12165 | | Last Modified: | Aug 16 20:13:56 1999 |
| MD5 Checksum: | 3923d6f1e853f76bc202329e5d00ba72 |
|
| /// File Name: |
netsquid.tar.gz |
Description:
|
NetSQUID is a Perl script that sits in between Snort and IPTables. It looks at the alerts generated by Snort, then automatically creates an IPTables firewall entry to block problematic hosts (such as those infected by viruses). Web traffic is redirected to a webserver that can alert the user to the infection. The host is automatically unblocked after a specified time (hopefully reducing calls to your NOC). It can also send out DHCP address requests, so rogue DHCP servers can be detected by Snort.
| | Author: | msconzo | | Homepage: | http://security.tamu.edu/db.html | | Changes: | Bug fixes and code cleanup. | | File Size: | 11700 | | Last Modified: | Jul 14 12:17:00 2004 |
| MD5 Checksum: | 19e7aae0da3a00b4c06694f6f8809919 |
|
| /// File Name: |
snort2html15.txt |
Description:
|
Snort2HTML v1.5 converts Snort Intrusion Detection System logs into nicely-formatted HTML.
| | Author: | Daniel Swan | | Homepage: | http://www.clark.net/~roesch/security.html | | Changes: | Parsing for ICMP alerts, optimized code, input/output files now can be specified on the command line, and more. | | File Size: | 11095 | | Last Modified: | Oct 4 18:13:09 2000 |
| MD5 Checksum: | cd5e3a4daf979cf274773af56b3128df |
|
| /// File Name: |
incident-1.3.tar.gz |
Description:
|
Incident.pl is a small script that, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
| | Homepage: | http://www.cse.fau.edu/~valankar | | Changes: | Some output formatting has been fixed, and SIGINT (ctrl-c) will do some cleanup before dying. This version has stricter parsing of the subject when doing email followup, and shows whether XWD failed or succeeded. An example email that is sent to the archive has been added. "security[at]" and "noc[at]" have been added to emails that are notified, and configuration can now be specified in a configuration file. | | File Size: | 10885 | | Last Modified: | May 14 14:00:06 2001 |
| MD5 Checksum: | 24ba0152a526c533dd7426d3f6aba379 |
|
| /// File Name: |
liveSnort-1.0-stable.tar.gz |
Description:
|
liveSnort is a simple, yet useful live Snort monitoring web-application that takes advantage of AJAX/Web 2.0 technology to make the task of monitoring and viewing the most recent Snort events easier.
| | Author: | Remote Assessment | | Homepage: | http://www.aanval.com/liveSnort/ | | File Size: | 9158 | | Last Modified: | Dec 12 17:38:32 2007 |
| MD5 Checksum: | 0173424aa299b2701d9e4ed32714c0fd |
|
| /// File Name: |
mbd.tar.gz |
Description:
|
NetSQUID is a Perl script that sits in between Snort and IPTables. It looks at the alerts generated by Snort, then automatically creates an IPTables firewall entry to block problematic hosts (such as those infected by viruses). Web traffic is redirected to a webserver that can alert the user to the infection. The host is automatically unblocked after a specified time (hopefully reducing calls to your NOC). It can also send out DHCP address requests, so rogue DHCP servers can be detected by Snort.
| | Author: | msconzo | | Homepage: | http://security.tamu.edu/db.html | | File Size: | 7911 | | Last Modified: | May 16 22:57:37 2004 |
| MD5 Checksum: | ef5f44b783aab6c76b7c6289cdebcac3 |
|
| /// File Name: |
snortctl.tar.gz |
Description:
|
A suite of scripts that were originally part of the AEnigma DIDS Project. The script snortctl is for management of the Snort NIDS. The snortfilter is a log parser and colorizer.
| | Author: | Marco Ivaldi | | Homepage: | http://aenigma.mediaservice.net | | File Size: | 6685 | | Last Modified: | Nov 16 22:00:41 2002 |
| MD5 Checksum: | 72bebbeb3f4abf5e9393cf0c7b9c35f5 |
|
| /// File Name: |
usr-guard-1.0.bz2 |
Description:
|
USR-Guard acts as a bridge between Snort and a US Robotics 9105 ADSL router. When a snort alert is generated, USR-Guard will connect into your US Robotics router and add rules to block the host. This block is then removed after a defined period of hours.
| | Author: | Mark Wadham | | File Size: | 6064 | | Last Modified: | Feb 25 19:56:29 2005 |
| MD5 Checksum: | a1f9f8dc957029fb671a6cf48c1ae0e5 |
|
| /// File Name: |
snort-1.0-lib |
Description:
|
snort-1.0-lib is a set of example Snort rules. It's short, but gives a good overview of the basic rule types and how to use the pattern matcher properly. This version of snort-lib includes a lot of new stuff.
| | Author: | Martin Roesch | | File Size: | 5234 | | Last Modified: | Aug 16 20:13:51 1999 |
| MD5 Checksum: | b63e655ef98a05ff3f474f27353d38f3 |
|
| /// File Name: |
snort-0.99rc6-lib |
Description:
|
snort-0.99rc6-lib is a set of example Snort rules. It's short, but gives a good overview of the basic rule types and how to use the pattern matcher properly. This version of snort-lib includes a lot of new stuff.
| | Author: | Martin Roesch | | File Size: | 5039 | | Last Modified: | Aug 16 20:13:50 1999 |
| MD5 Checksum: | c86e1ab5aafe35e0398f21e7588bae93 |
|
| /// File Name: |
ruleset-retrieve.c |
Description:
|
Ruleset-retrieve obtains the newest Snort IDS ruleset from www.snort.org or whitehats.com and inserts your ip address into the appropriate areas.
| | Author: | Vacuum | | Homepage: | http://www.technotronic.com | | File Size: | 4599 | | Last Modified: | Nov 4 20:16:11 2000 |
| MD5 Checksum: | 9298f47430375c73ff07b095ce849deb |
|