The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncate unusually long MIME header fields and sanitizes HTML by disabling Javascript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs and has built-in support for third-party virus scanners.
3544bd1fd27aa8fa3df4329096c55aa3b7f777a2c2c09e4477e58f7ae9138249
Fwlogwatch analyzes the ipchains, netfilter, iptables packet filter, and cisco logfiles and generates text and HTML summaries. Features realtime anomaly alerting capability, an interactive report generator, and the ability to cut off attacks by adding firewall rules.
38a4618a31fc1285ec09c7f308403a3c9d231e44cad4ed5a6e01792889589d33
THC-WarDrive v2.1 is a linux based tool for mapping your city for wavelan networks with a GPS device while you are driving a car or walking through the streets. It is effective and flexible, supporting NMEA GPS devices.
8e82cd28f9c5f748d3b29c834dec5b9a6d0ea90c298d41b22c7ce6582952c966
Microsoft Security Advisory MS01-051 - Three dangerous vulnerabilities have been found in Internet Explorer 5.0. The first causes sites that have no dots in the IP address to run with less security restrictions. The second allows an attacker to include HTTP requests that would be sent to the site as soon as a connection is established, appearing to have originated from the user. The third is a variation of MS01-015 which affects only NT and 2000 machines running SFU 2.0, a version of telnet which allows session transcripts. An attacker could start a transcript and stream an executable on to the users drive. Microsoft FAQ on these issues available here.
5fff8c36325b247a93e7bb0a218d464a73849be62674903e9f812f2782899b8f
IDS/A is an API which programmers can use to add security awareness to their applications. This is implemented via an integrated reference monitor, logger and IDS which is accessible to applications through a simple API. Applications can use this infrastructure to delegate access control and intruder detection to idsa.
c9e3fa1f786665ed1060f7b1217d60947083c5f7d6d9a2db316c7687993c1023
IP Restrictions Scanner (IRS) is a Windows NT/2k tool which finds out which network restrictions have been set for a particular service on a host. It combines "ARP Poisoning" and "Half-Scan" techniques and tries totally spoofed TCP connections to the selected port of the target.
515c2f37c0bc9474bbd4ec5b26a029b5e1c2d7d60efb0944624995fe0b1b31ef
Exploiting Format String Vulnerabilities v1.2 - Includes over 30 pages of well organized information along with several examples.
4ec81ccf82417d72ae0551b3d1085e97a9b9867f7c180e6ba8dd7c5b18eb6b66
IOB stands for I/O bridge, a simple tty chaining program. It can be used to log almost any session, including ssh, gpg, pgp, cfsattach, losetup, etc.
29c258374e9799d3f17c6e1042df216aa63e48c532e3dc875a467a0d72b893c3
FreeBSD Security Advisory FreeBSD-SA-01:62.uucp - Taylor UUCP is incorrectly configured by default, allowing local users to run commands as the uucp user and dialer group, allowing local root access.
797e95c03a16117c03ba2eaab3ffdcd1c0a46ef1136c97236d76b2631c524cef
FreeBSD Security Advisory FreeBSD-SA-01:61 - If the squid proxy port is configured in acceleration-only mode, ACL's are ignored, allowing a remote attacker to use the squid server in order to issue requests to hosts that are otherwise inaccessible. Because the squid server processes these requests as HTTP requests, the attacker cannot send or retrieve arbitrary data. However, the attacker could use squid's response to determine if a particular port is open on a victim host. Therefore, the squid server may be used to conduct a port scan.
d7afc519a56bcddfcb9d5838ba965cce7299010dcb9428d5dd7ea0cf54a41246
The Sentinel project is designed to be a portable, accurate, and effective implementation of all publicly known promiscuous detection techniques. Sentinel currently supports 3 methods of remote promiscuous detection: The DNS test, icmp etherping test, and ARP test. Tested on OpenBSD-3.0beta, FreeBSD 4.0, Netbsd 1.5.2, and Linux 2.4.x.
ba808bc62d2d43d00e7abd9c078c366ef0e6f689e632ec39c75f19a573034883
Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
d68c074164985155f1cfd504a7a9a8614519f1212f938164f858d172cfdcd304
fwmon is a firewall monitor for Linux which integrates with ipchains to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary, hex, and ascii data dumps to stdout, a logfile, or tcpdump-style capture files. It also boasts some simple security features such as the ability to chroot itself, and does not need to run as root.
ddbd7510713a7ada09bfe92de6fcefa570c3b2689b3ecadaf5a7a2b7d12d7920
Reptor is a utility designed to aid the analysis of Axent/Raptor firewall logfiles which generates HTML reports which can include traffic summaries and alert messages that are based on highly customizable conditions. It has built in support for logfile retrieval, FTP, and SMTP allow it to be easily automated.
7d32950aea0797521b45cb694670536c53c026a5daeebe2f07f2a35df68c33e1
Microsoft Security Advisory MS01-050 - Excel and PowerPoint contain a flaw in the macro security framework which allows malicious users to bypass all macro checking, allowing attackers to run code of their choice when an Excel or PowerPoint document is opened. Microsoft FAQ on this issue available here.
979fdaca159af66b77ef4fce08b0f0c8ef791e8fe955b61c5380ab9c0045204e
Samhain (stable branch) is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
0ff014554ff5f6e52c2fcc3638ee710af2c7053143a3f95659761f0aa510a287
Stegdetect is an automated tool for detecting steganographic content in images which is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are jsteg, jphide, and outguess 01.3b.
3e14fc3e9330887f7ae5d65a736bb435101c14a0ab1e161659e7cd296c29b780
Packet Storm new exploits for September, 2000.
f37ed49f9fab70a3d7c2be9c3b5c02fc2f9029da33739f9475b5045152993601
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
34192961ae47cf0ada6d157751581dd8baf9c3d32d6e7c8e0b975202cf121333
IPA is highly configurable IP accounting software for Free and Open BSD. It allows to make IP accounting based on IP Firewall and/or IP Filter accounting rules. In most cases IP Accounting Daemon is run on public servers, software routers, etc. It uses powerful IP Firewall and/or IP Filter accounting rules and based on its configuration allows to escape from writing scripts to manage network accounting.
0423982c29e13530d7b535faacc7676cbd8d59c91f0674364c683805b5dcfc9a
Code red scanner which checks for root.exe.
28a96844575fe6935af74cba12290055e57f4859a653c6d4d10d8f9998b3cb72
ISS X-Force has discovered a format string vulnerability in the ToolTalk RPC service present on many commercial Unix variants. The ToolTalk database server (rpc.ttdbserverd) contains a format string vulnerability that may allow remote attackers to crash the ToolTalk service, or execute arbitrary code on a target system with super user privilege.
7b3937ec0ff2a6f8ab2b30dddccd69238b157ccf162a4101a1d63bff08da76b8
Vma_rw_chk is a small security module for Linux-2.2.19 which prevents most exploits from working by wrapping execve() and checking to see that the caller does not call from a writable memory segment. Since most local (and many remote) exploits call execve() or similar from the stack (and environment, which is also placed on the stack), which is writable, it prevents most standard exploits from working.
c8098ded9ea7fa0d52258d7407c6ff4adb48271a9088e814bb707ce22eec4dbd
Aimrape is a remote denial of service exploit for AOL Instant Messenger (AIM) v4.7.2480 and below.
c17d8ee6398376f4d724d76f59aaa21ddccf273248b5f1d0ea64858425f4c21c
A guide for breaking into computer networks from the Internet v3.1 - Includes host enumeration, scanners, custom tools, protocols, windows information, and much more. PDF format.
5642b5fd57ab06d3f07c54c62e9e19ae2b481c0682ffaefba65288589227982e