toscin is a basic IDS system that uses packet filtering to warn against possible attacks against specified services. It basically watches the local network for SYN connections to certain services, and sends notification. Solaris 2.x possibly others.
06069c45e5ec8ef33117592147cdfc24c37a3cc99b890a120d02decafdc6d6fc
Modified rexec source - captures ident information upon being portscanned. Does not actually emulate services other than listening at certain tcp ports. This is reported to work under Solarix 2.x and possibly linux. Now modified to provide limited counterintelligence (ident query back to source).
b3a8fe6e4a4f2d3c04569b2ee42a59a776b312a65ecbbdc897eb249d57eeb0e2
synsniff, as the name would imply, is a simple program which watches for the first part of a TCP connection (the SYN packet) and logs it. Optionally, synsniff can detect FIN (end of session) packets with no corrosponding SYN; this is useful for discovering stealth FIN scans. It is primarily a TCP connection logger but also includes some portscan detection heuristic. It logs incoming SYN and FIN packets to stdout, and also detects portscans by watching for multiple incoming connections within a short timeout (default threshold is 7 connections per second).
dc173114eacb71ab91f027e86510b06a61839e26131d6993217a507fcfdf31ea