The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncate unusually long MIME header fields and sanitizes HTML by disabling Javascript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs and has built-in support for third-party virus scanners.
3544bd1fd27aa8fa3df4329096c55aa3b7f777a2c2c09e4477e58f7ae9138249Fwlogwatch analyzes the ipchains, netfilter, iptables packet filter, and cisco logfiles and generates text and HTML summaries. Features realtime anomaly alerting capability, an interactive report generator, and the ability to cut off attacks by adding firewall rules.
38a4618a31fc1285ec09c7f308403a3c9d231e44cad4ed5a6e01792889589d33THC-WarDrive v2.1 is a linux based tool for mapping your city for wavelan networks with a GPS device while you are driving a car or walking through the streets. It is effective and flexible, supporting NMEA GPS devices.
8e82cd28f9c5f748d3b29c834dec5b9a6d0ea90c298d41b22c7ce6582952c966Microsoft Security Advisory MS01-051 - Three dangerous vulnerabilities have been found in Internet Explorer 5.0. The first causes sites that have no dots in the IP address to run with less security restrictions. The second allows an attacker to include HTTP requests that would be sent to the site as soon as a connection is established, appearing to have originated from the user. The third is a variation of MS01-015 which affects only NT and 2000 machines running SFU 2.0, a version of telnet which allows session transcripts. An attacker could start a transcript and stream an executable on to the users drive. Microsoft FAQ on these issues available here.
5fff8c36325b247a93e7bb0a218d464a73849be62674903e9f812f2782899b8fIDS/A is an API which programmers can use to add security awareness to their applications. This is implemented via an integrated reference monitor, logger and IDS which is accessible to applications through a simple API. Applications can use this infrastructure to delegate access control and intruder detection to idsa.
c9e3fa1f786665ed1060f7b1217d60947083c5f7d6d9a2db316c7687993c1023IP Restrictions Scanner (IRS) is a Windows NT/2k tool which finds out which network restrictions have been set for a particular service on a host. It combines "ARP Poisoning" and "Half-Scan" techniques and tries totally spoofed TCP connections to the selected port of the target.
515c2f37c0bc9474bbd4ec5b26a029b5e1c2d7d60efb0944624995fe0b1b31efExploiting Format String Vulnerabilities v1.2 - Includes over 30 pages of well organized information along with several examples.
4ec81ccf82417d72ae0551b3d1085e97a9b9867f7c180e6ba8dd7c5b18eb6b66IOB stands for I/O bridge, a simple tty chaining program. It can be used to log almost any session, including ssh, gpg, pgp, cfsattach, losetup, etc.
29c258374e9799d3f17c6e1042df216aa63e48c532e3dc875a467a0d72b893c3FreeBSD Security Advisory FreeBSD-SA-01:62.uucp - Taylor UUCP is incorrectly configured by default, allowing local users to run commands as the uucp user and dialer group, allowing local root access.
797e95c03a16117c03ba2eaab3ffdcd1c0a46ef1136c97236d76b2631c524cefFreeBSD Security Advisory FreeBSD-SA-01:61 - If the squid proxy port is configured in acceleration-only mode, ACL's are ignored, allowing a remote attacker to use the squid server in order to issue requests to hosts that are otherwise inaccessible. Because the squid server processes these requests as HTTP requests, the attacker cannot send or retrieve arbitrary data. However, the attacker could use squid's response to determine if a particular port is open on a victim host. Therefore, the squid server may be used to conduct a port scan.
d7afc519a56bcddfcb9d5838ba965cce7299010dcb9428d5dd7ea0cf54a41246The Sentinel project is designed to be a portable, accurate, and effective implementation of all publicly known promiscuous detection techniques. Sentinel currently supports 3 methods of remote promiscuous detection: The DNS test, icmp etherping test, and ARP test. Tested on OpenBSD-3.0beta, FreeBSD 4.0, Netbsd 1.5.2, and Linux 2.4.x.
ba808bc62d2d43d00e7abd9c078c366ef0e6f689e632ec39c75f19a573034883Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
d68c074164985155f1cfd504a7a9a8614519f1212f938164f858d172cfdcd304fwmon is a firewall monitor for Linux which integrates with ipchains to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary, hex, and ascii data dumps to stdout, a logfile, or tcpdump-style capture files. It also boasts some simple security features such as the ability to chroot itself, and does not need to run as root.
ddbd7510713a7ada09bfe92de6fcefa570c3b2689b3ecadaf5a7a2b7d12d7920Reptor is a utility designed to aid the analysis of Axent/Raptor firewall logfiles which generates HTML reports which can include traffic summaries and alert messages that are based on highly customizable conditions. It has built in support for logfile retrieval, FTP, and SMTP allow it to be easily automated.
7d32950aea0797521b45cb694670536c53c026a5daeebe2f07f2a35df68c33e1Microsoft Security Advisory MS01-050 - Excel and PowerPoint contain a flaw in the macro security framework which allows malicious users to bypass all macro checking, allowing attackers to run code of their choice when an Excel or PowerPoint document is opened. Microsoft FAQ on this issue available here.
979fdaca159af66b77ef4fce08b0f0c8ef791e8fe955b61c5380ab9c0045204eSamhain (stable branch) is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
0ff014554ff5f6e52c2fcc3638ee710af2c7053143a3f95659761f0aa510a287Stegdetect is an automated tool for detecting steganographic content in images which is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are jsteg, jphide, and outguess 01.3b.
3e14fc3e9330887f7ae5d65a736bb435101c14a0ab1e161659e7cd296c29b780Packet Storm new exploits for September, 2000.
f37ed49f9fab70a3d7c2be9c3b5c02fc2f9029da33739f9475b5045152993601Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
34192961ae47cf0ada6d157751581dd8baf9c3d32d6e7c8e0b975202cf121333IPA is highly configurable IP accounting software for Free and Open BSD. It allows to make IP accounting based on IP Firewall and/or IP Filter accounting rules. In most cases IP Accounting Daemon is run on public servers, software routers, etc. It uses powerful IP Firewall and/or IP Filter accounting rules and based on its configuration allows to escape from writing scripts to manage network accounting.
0423982c29e13530d7b535faacc7676cbd8d59c91f0674364c683805b5dcfc9aCode red scanner which checks for root.exe.
28a96844575fe6935af74cba12290055e57f4859a653c6d4d10d8f9998b3cb72ISS X-Force has discovered a format string vulnerability in the ToolTalk RPC service present on many commercial Unix variants. The ToolTalk database server (rpc.ttdbserverd) contains a format string vulnerability that may allow remote attackers to crash the ToolTalk service, or execute arbitrary code on a target system with super user privilege.
7b3937ec0ff2a6f8ab2b30dddccd69238b157ccf162a4101a1d63bff08da76b8Vma_rw_chk is a small security module for Linux-2.2.19 which prevents most exploits from working by wrapping execve() and checking to see that the caller does not call from a writable memory segment. Since most local (and many remote) exploits call execve() or similar from the stack (and environment, which is also placed on the stack), which is writable, it prevents most standard exploits from working.
c8098ded9ea7fa0d52258d7407c6ff4adb48271a9088e814bb707ce22eec4dbdAimrape is a remote denial of service exploit for AOL Instant Messenger (AIM) v4.7.2480 and below.
c17d8ee6398376f4d724d76f59aaa21ddccf273248b5f1d0ea64858425f4c21cA guide for breaking into computer networks from the Internet v3.1 - Includes host enumeration, scanners, custom tools, protocols, windows information, and much more. PDF format.
5642b5fd57ab06d3f07c54c62e9e19ae2b481c0682ffaefba65288589227982e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed