The Linux Port/Socket Pseudo ACLs project is a patch to the Linux kernel which allows the admin to delegate privileges for some protected network resources to non-root users. The ACLs are generally used to run untrusted or insecure applications as an unprivileged process, thereby lessening the impact of some undiscovered denial of service or root compromise. The ACLs can cover protected ports, raw sockets, and packet sockets.
950455aeab7a3af1e443d3eb59ad11313f0c8ea6f0e1697d331be54a85c40605GuardDog is a firewall configuration utility for KDE on Linux. GuardDog is aimed at two groups of users - novice to intermediate users who are not experts in TCP/IP networking and security, and those users who don't want the hassle of dealing with cryptic shell scripts and ipchains parameters. Features an easy to use goal oriented GUI and the ability to generate ipchains scripts as output. Screenshot here.
50183338fa5d55aa72ca20845389acd85ea5d81eee3378606496ac571409b857Netscript is a portable and lightweight tcp socket scripting tool. It is intended to allow anyone to script situations based on a word-to-word ruleset response system. Includes wildcard support, character replacement, random replacement, argument inclusion, server timeout, initial send, display altering, multiple character dump formats, telnet protocol support, logging, program to socket dumping, executable ruleset support and reverse binding among other things.
9ee1d9d4733ebd8d7e80e9b5346d734fbe146ee02359a04851d7cdb0bd040932scanssh scans a list of addresses and networks for running SSH servers and their version numbers. scanssh supports random selection of IP addresses from large network ranges and is useful for gathering statistics on the deployment of SSH servers in a company or the Internet as whole.
d6e4ab95f68a59f3b30c935e81359f79a6e1519ba3da062fcf29185b1f824c7bA disassembler written for disassembly of x86 ELF targets on Linux (other file formats/CPUs can be 'plugged in'). Written as a backend or engine -- the UI is a command line; support for controlling the disassembler via pipes or FIFOs is provided. Note that this disassembler does not rely on libopcodes to do its disassembly; rather, the 'libi386' plugin is a standard .so that can be reused by other projects.
ff3d0ecbcfd3aae1a05edbb12329d7b53e69f35f6276bbcb2fe8b968e739217dSyscall Tracker is a powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you find out info that is hard to find, for instance to determine which process touched a certain file.
8e56a3822ddfc6c312bd8cd985b08e7f0b607e9da7825b0d22a4705b46221b69IP Sorcery is a TCPIP packet generator which allows you to send TCP, UDP, and ICMP packets with a GTK+ interface.
68fe5507f49dd0770bfb49b0cd013ea8f074ea97a53911e85cd38873f9cc987cIP Accounter is an IP accounting package for Linux. It collects, summarizes, and nicely displays IP accounting data. Its output can be a simple ASCII table, or graph images. Ipchains and iptables are supported. Logs are stored in files, gdbm, or even a PostgreSQL database.
db11173255576525b85ee5ce00817724d2702399f9af5ccde8e326bdabf29cb4Wu-Ftpd is a portable FTP server.
fc2f30149acca955da1785b2e0388e0c9fe47dded69520dec633273209c5040bMIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.11 / 8.12 and will alter or delete various parts of a MIME message according to a flexible configuration file.
28969b2c5e980f91a51d0d371e75b0a0b430147dbddcf9a30bab7dfecb6c7398TrustWall HTTP Proxy v0.9-5 is a secure HTTP proxy which protects web servers (and web browser clients) by checking the HTTP protocol header data. The design has already put most modern web base attacks into consideration and hence can protect most web servers without very in-depth knowledge about the attacking techniques.
0d0cfbfa2eb3a8ca9314ff85bd2718830e92707e736d7baf0dcee783f8905127Aldebaran is an advanced libpcap-based network TCP, UDP, ICMP, and ARP network sniffer which gives a user only a payload from captured data and basic info about addresses and ports (nothing about flags, etc.). This is useful for monitoring data sent by connections and sniffing passwords. It supports filtering packets with not only simple port/address libpcap rules but also payload contents and can send captured data to another host via UDP. It can also encrypt data written to a dump file, analyze interface traffic, and present statistics (packet count, sizes, average speed, etc.) in HTML or a plain text file.
5fd86446dc89c1595f573a6bcd7d765fa321e2a7ae51e8b3e6cbe76696b6a942Ettercap v0.6.2 local root format string exploit. Works if the administrator made Ettercap SUID.
4f7b696cea2b1db223e600477d54422235560202856224be55543c7f58c4a210FreeBSD Security Advisory FreeBSD-SA-01:64.wu-ftpd - Wu-ftpd v2.6.1 and below contains a remote root vulnerability which allows ftp users with anonymous accounts or user accounts to execute code. This may be accomplished by inserting invalid globbing parameters which are incorrectly parsed by the FTP server into command input.
bed19099b553f8ec342c3bbd33c003a2357327bf9a9abe5d374c316e9b571004SSH-2.3.0 client patch to log outgoing usernames, passwords, and hostnames.
ac70dd5c43e7220631199e96f023cd06a6796d6689b45217f7c81ade8e2345b3Openssh-2.9p2 patch which logs the username, remote host, and password when outbound connections are made.
54ff25e46677231b2fc92927a45b716aa7cffc530903b1efb79922544c1dcd02OpenSSH v3.0.1p1 and below root exploit which only works of the administrator has turned on the UseLogin feature. Uses the libroot library. Requires an account on the remote machine.
b785235fe2fbf2c69f44d93ca622e244033585cf6ba64fbd80330fe466a5f2fcThe Kebi Webmail server allows remote users to have administrator access by going to http://site.com/a/.
5d2ff185f4844973c582f3bddcc8faef759c384b62fe1ca66d7e8a6cc8549176Microsoft Security Advisory MS01-057 - Outlook Web Access (OWA), a service of Exchange 5.5 Server, has a flow which allows remote attackers to take any action against the user's Exchange mailbox that the user himself was capable of, including sending, moving, or deleting messages. If an HTML message that contains specially formatted script is opened in OWA, the script executes when the message is opened. Microsoft FAQ on this issue available here.
bc463ed36dace4a8c770b85f06fab109670e05d1e090147bcfabc694edab5205FreeBSD Security Advisory FreeBSD-SA-01:63.openssh - OpenSSH prior to v3.0.2 has a remote root vulnerability, but only if the administrator set 'UseLogin yes' in the sshd_config file.
521f8bbae1b8707730186dbfe6ec79cfdbb5d86ffe92ddf46345ae69a14b59d4LDAP_Brute.pl is an OpenLDAP brute force auditing application. Written under Slackware 8.0. Brute forces Manager password then Dumps entire Database of user and passwords in format for John the Ripper.
54133368e7dc6d683f31097c304ee7b10afc02a8fd2701c4afdada32653453acAnalog is a program to measure the usage on your web server. It tells you which pages are most popular, which countries people are visiting from, which sites they tried to follow broken links from, and all sorts of other useful information. It is totally free.
8ac2b72bfcc5c6ed92791b6ad1a76136571e5b8eb9ca874fedc96146e9c5fe84fwanalog is a shell script that parses and summarizes firewall logfiles. It currently (version 0.4.1) understands logs from ipf (tested with OpenBSD 2.8's and 2.9's ipf, also FreeBSD and NetBSD), Linux 2.2 ipchains and Linux 2.4 iptables. It has been tested on Debian GNU/Linux "sid" with bash and OpenBSD 2.8 and 2.9 with ksh as /bin/sh. It can be easily extended for other logfile formats, all it takes is editing two regular expressions. Sample report available here.
12920533fe25151e3ced38b92d32d1bea3aab768f99fef447b1eb297e3539a8dPort Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
ad3a1269cc21c10c5746f35c3b548d06c68bc8a7d12baa2475cf864c19d14696Dante is a circuit-level firewall/proxy that can be used to provide convenient and secure network connectivity to a wide range of hosts while requiring only the server Dante runs on to have external network connectivity. Once installed, Dante can in most cases be made transparent to the clients while offering detailed access control and logging facilities to the server administrator.
b6f0388e4ce5dee0b36dc0f2339bdecad72ef8dcc2b64c7cc0dd90621fa1043c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed