Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
e43d8b6f9d5a0efb89edbce1c9a09aca4bf39dd62f8f430e74a835801585ad5eSimple Bof Coder for Linux and BSD constructs proof of concept buffer overflow code by asking several questions about the vulnerability. Written in perl, generates C source.
61ad4e418307159c7adf3bc1cd3b9c61ce9120f4bd277c4b51fceecc722e9cf8The goal of FireStarter is to provide an easy to use, yet powerful, GUI tool for setting up, administrating and monitoring firewalls for Linux machines. FireStarter is made for the GNOME desktop. It can actively monitor your firewall and list any unauthorized connection attempts made to your machine in a readable table format.
32cb78c927a04a72e82564f3db2ad9abbce771194fe68ea1e5f8ded50d96f2c0Basic Transposition Ciphers - All they do is shuffle the characters.
a6cef088fd83129f4d008c1646791990e5efefbb135dda28f1594c9f51b57eb6The Linux Virus Writing HOWTO describes how to write parasitic file viruses which infect ELF executables on Linux/i386. Contains a lot of source code. Every mentioned infection method is accompanied with a practical guide to detection.
c3eab65349d14045e1c71e01c0eee10c930954db406d18e2ef4fb2c4edc148d3Atstake Security Advisory A081602-1 - The auditing mechanism of Windows NT 4.0 and Windows 2000 SP2 does not understand hard links so it produces some erroneous results allowing an attacker to access files through hard links such that the name of the file being accessed does not appear in the security event log. Instead, the file name of the hard link appears in the event log. The hard link can be deleted after accessing the file thus eliminating any trace of the file I/O activity.
e5fefbae46a457866facd5d4caafcae07329a7508e7d9764de60f72b741eb0baLynx prior to v2.8.4rel.1 contains a vulnerability which allows a web site owner to cause lynx to download files from the wrong site on a webserver with multiple virtual hosts because lynx fails to remove or encode dangerous characters such as space, tab, CR and LF before constructing HTTP queries.
76cadd36c69520fb9295e1e9db5a96658f1721be3a8c838c891d9f76c4a927aeNGSSoftware Security Advisory NISR19002002A - Microsoft SQL Server 2000 and 7 come with a "helper" service which allows a low privileged user to create and overwrite arbitrary files on the SQL server. Includes proof of concept SQL code.
d00fd77d758ad8f157ea1a193c0b5f00842cddd2ba606d82b82ca8b386411279NGSSoftware Security Advisory NISR19082002B - The Tomahawk SteelArrow web application server v4.1 and below for Windows NT and 2k contains three buffer overflows which allow the remote execution of code. Fix available here.
4a8bff199da6f100e224f72780c912d5fb4b0f765ed077517469b6ea5326ca8aIP Sorcery is a TCPIP packet generator which allows you to send TCP, UDP, and ICMP packets with a GTK+ interface.
7839461de607cff1c9e38e192bf90a0ff4851550255a6f824d3e9da1f4da8c68The cipherfunk Patched Linux Kernels provide patch sets that focus on security enhancements, optimizations, and bugfixes to the current stable Linux Kernel. They are suitable for workstation or high-end server use in both production and development environments.
085c5ffdbdbd89012634e6937626af473b29c40dee5510fa36ef855acb0d73a5NSSI Research Labs Security Advisory - Kerio Mail Server v5.x for Windows contains multiple denial of service and cross site scripting vulnerabilities in all mail services and the web mail module of the mail server.
eaeda46462c4a849df147445ef57db0d106619c359883b31544c418d2d5dada8Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor but there are plans are to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
e93123485333da8b54d632f5ec9c863eb29a49e584a917517507750a6aefcb26BBD is a passcode protected remote backdoor with configurable TCP port. After login the backdoor reports if any users or root users are logged in. This version contains an <optional> client which allows you to execute the command remote as well as local by prefixing a command with a semicolon.
be7fa70c5e442deb313dea7e9093292482ecd45654b7e0a211af2fdb11c3e779Fwlogwatch analyzes the ipchains, netfilter, iptables packet filter, and Cisco logfiles and generates text and HTML summaries. Features realtime anomaly alerting capability, an interactive report generator, and the ability to cut off attacks by adding firewall rules.
4bbf4359eacdc74fbbb8a2d633ffa467fe57e74d5955f0dddf83fceafbe8ae53Tcpreplay v1.2 - Tcpreplay is a set of tools aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn't exercise the application/protocol inspection that a NIDS performs, and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.
057068ea8ded353c7910c2c940842c04bf213fedd43e58b902125c578c66ab1fNSSI Research Labs Security Advisory NSSI-2002-tpfw - The Tiny Personal Firewall 3.0 for Windows contains contains denial of service vulnerabilities in the activity logger tab of the Personal Firewall Agent module which allow remote attackers to crash the OS, consuming 100% of the CPU.
4369b0114c0361e90582dcab9a61d7e641248ac2189b78b4b81faabc72a906cd/bin/login backdoor by tracewar.
a5dca046dcb7b274a126ab8bb95c6d1337c341f400908f5db631dbe41b2c9f17OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
26d97451915a76700452e2ccdacca3cde7e62150827c460922569d5c72d9f6bfEthereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here.
ea6ddc17081ac84412c8a67a69ab99933e498b3825ed28dd5c0c4ccb78237ec9Ethereal Security Advisory enpa-sa-00006 - The ISIS protocol dissector in Ethereal 0.9.5 and earlier versions contains a buffer overflow which can be exploited remotely to crash Ethereal or execute arbitrary code as root. To fix, upgrade to Ethereal v0.9.6 or disable the ISIS protocol dissector.
98f78a2eada9861a0e7be750264047f67fae5b481afc765afcb47870519120acHolygrail.c is a remote root exploit for telnetd under Solaris Sparc 2.5.1, 2.6, 2.7, and 8. Verified to work against Solaris 7 and 8 sparc - spawns a root shell.
db9942f1b9b94f9665e2d1ea631b7cd99d363ce639e4f91ab79966997e37ceaa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed