The Defense Worx Network Intrusion Detection System is a linux based IDS which performs high-speed traffic analysis of a network packet to detect unauthorized traffic in real-time. Includes a Java based consile to display alerts.
8c8c0dc8c0ecb2d7b168c0b9689384b31c0528488993d812d6a741ea2a889048samhain is a distributed host integrity monitoring system. It consists of monitoring agents running on individual hosts, and a central log server collecting reports from these agents via authenticated TCP/IP connections. On single hosts, it is possible to run a standalone monitoring agent. Currently, agents may monitor the integrity of files and directories, and watch for login/logout events. In addition to forwarding reports to the log server, other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. samhain has been tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
05bcb5c628550e899a35271dbf30846efc2a0a63a58ff46493819bb6fc95698cClaymore v0.3 is an intrusion detection and integrity monitoring system. To accomplish its task, it runs from cron and reads in a list of files stored in flat ASCII, and uses md5sum to check their integrity against that recorded earlier in a database. If the database is placed on a read-only medium such as a write-protected floppy, then it should provide an infallible record against remotely installed trojan horses.
06701ba8c09c935d0edafbc748a756d38164c63e1a93ae9b4b8fbc2a558da32bFilewatch is a perl script which watches the CTIME of your files and alerts you to any changes.
e9b0b9efd07c128e57f46f40b0b2e0a783de6b4293eef730676aacb551c53e92Lsof is an extremely powerfiul unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
dbf618652685f94befe85ab1fcbe56c7cc178f174f75e966f269a3b022932bf9nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
d25efdc2feef00c7f9b17bccb9501ea7f991488871a532aec5de224094d535cdLandmine Fileutils is a modified fileutils package for Linux which logs the arguments used for execution to syslog. Includes patched copies of chmod, chgrp, chown, cp, dir, ln, ls, mkdir, mv, rm, rmdir, and touch.
9f11e852afc06b51af7fb9e02d8233d8d7e2f5dd98943dca6282d871e28eaa70Secure Files 0.1b is a security tool that checks system integrity by comparing the MD5 checksums of flagged files against their earlier recorded checksums.
caad669b0b465c73e0613d69b59ad4a8753e02d3a078318bc637439fcf97fe34nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
bccef5c80d698caf2fa933ba5e6b844e5c373fe98a6d87327521a73e86cb632anabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
514d306db836a86d3801aa340487882f8feb7be7f580769d2729832e7c3731c5samhain is a distributed host integrity monitoring system. It consists of monitoring agents running on individual hosts, and a central log server collecting reports from these agents via authenticated TCP/IP connections. On single hosts, it is possible to run a standalone monitoring agent. Currently, agents may monitor the integrity of files and directories, and watch for login/logout events. In addition to forwarding reports to the log server, other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. samhain has been tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
53da78706a18ff4dce9b0ee37a60fe8df981b1076074833d5e55def8f98a32c2Libnids is a library that provides a functionality of one of NIDS (Network Intrusion Detection System) components, namely E-component. It means that libnids code watches all local network traffic, cooks received datagrams a bit (quite a bit ;)), and provides convinient information on them to analyzing modules of NIDS. So, if you intend to develop a custom NIDS, you don't have to build low-level network code. If you decide to use libnids, you have got E-component ready - you can focus on implementing other parts of NIDS.
8bce851ef10447e005e43e980935808d2de410a94b8e95667bb174cddd7b0c79Lsof is an extremely powerfiul unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
cba979b649e12b0f5b3b05c196e31d6ea1f8a43d81ac109c8be92cc7e1977e16Whowatch is an interactive utility that displays information about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (ie. telnet or ssh). You can also watch the process tree, navigate it, and send INT and KILL signals. Ncurses ascii graphics.
221564dbdf503990e6e14803a1df0c735c61fa6069ebc56a57a8fba9ac22e4f4Audit is a script which will record any changes to files on your machine by generating a checksum for each file in the directories scanned. It was built with simplicity and ease of use in mind, comes with a GUI, and has a reasonable set of defaults in place out of the box.
60b0c2023ee26f7321e8195b81af3670fbe5aa6f69ef6161898daf59b61fb8c5A perl script that passively fingerprints OSes based on signatures.
442d7be25254eff7136ab3b7b09ea398f149d705e590c03f1095017b55f1771cAIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determening which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
610841fb570d981144819861826946c135519cacd58d9a663cca8b9cccf9b0d9Trappa detects a CGI scan and sends an alert message to syslog with the attackers IP+Web Browser. Works by installing decoy CGI scripts in the cgi-bin directory.
c5c64cf21cb54d301d687c4e4ae90ee357c72612a0dca2803565578308d4a6eeSecure Worx (TM) Network Intrusion Detection System - The intrusion detection system is a network based system that performs high-speed traffic analysis of the content and context of a network packet to detect unauthorized traffic in real-time. It has inexpensive hardware and OS requirements. The intrusion detection system runs on a Intel Pentium class compatible processor with a 10/100 Ethernet card running the Linux OS with kernel 2.2 and above with a configured TCP/IP stack. The installation process involves running an installation script that asks a few simple questions. It is then a simple matter of starting the software and your network is then searched for anomalous activity.
faea89ee797f3f11988cce474a14e1abb795054d5e4a03ec5804ff43884cdee8The Sentinel project is designed to be a portable, accurate implementation of all publicly known promiscuous detection techniques. Sentinel currently supports 3 methods of remote promiscuous detection: The DNS test, Etherping test, and ARP test. Support for the ICMP Ping Latency test is under development.
2707d108aa34be6d15b939d6e07fd00586e3b50f6bcb2e2ddeecb06a9e8e9ab4The Sentinel project is designed to be a portable, accurate implementation of all publicly known promiscuous detection techniques. Sentinel currently supports 3 methods of remote promiscuous detection: The DNS test, Etherping test, and ARP test. Support for the ICMP Ping Latency test is under development.
02e142e7a8a5cfef8d6e749c0d6701a73239b098fd104c2605164562580266efThe Sentinel project is designed to be a portable, accurate implementation of all publicly known promiscuous detection techniques. Sentinel currently supports 3 methods of remote promiscuous detection: The DNS test, Etherping test, and ARP test. Support for the ICMP Ping Latency test is under development.
6d5ba58d987fc714aa42799e13604eb61ef54d01b82002d7c9878e095880635bFCHECK is a very stable PERL script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done in as little as one minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
fb3737c1c6d920726f78f8eb8ca0423876e061872907a6ac44797d57c526954dThe Sentinel project is designed to be a portable, accurate implementation of all publicly known promiscuous detection techniques. Sentinel currently supports 3 methods of remote promiscuous detection: The DNS test, Etherping test, and ARP test. Support for the ICMP Ping Latency test is under development.
18806ab69e48a986029b36c10e8f6b0206d3907890b5838438dfe6f443e204f2Seclog (security logger) is a log auditing tool written in Perl. It will watch /var/log/messages for suspicious information and notify you via email.
409e621c83ac8b2026f4e2d0140e0b0918baa58a851e5bcce19f32ce0b1942dd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed