Showing 1 - 25 of 100

Files

snortrigger.c
Posted Sep 13, 2005
Authored by nitrous

Snort versions 2.4.0 and below remote proof of concept exploit that creates a malformed TCP/IP packet that will trigger a vulnerability in the PrintTcpOptions() function from log.c.

tags | exploit, remote, tcp, proof of concept
SHA-256 | 5cb6f490e8d8bdbbc7c4c7316ff20da370bf31d280b268795c2bb556ca899b9a

Related Files

Packet Fence 3.5.0
Posted Aug 2, 2012
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This major release focuses on new features and enhancements. It adds a remediation module for SourceFire 3D, the ability to have different captive portals depending on the SSID you connect to, a new Web-based configuration tool which eases the installation and configuration process of a new PacketFence installation, and complete Suricata support.
tags | tool, remote
systems | unix
SHA-256 | 04d68118540aa72d1079d73c6cbd5d757435496db0dd4e260130a127a8844be7
Suricata IDPE 1.3
Posted Jul 8, 2012
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: This release adds a TLS/SSL handshake parser, an HTTP user agent keyword, experimental rule reloading support, AF_PACKET bpf support and packet loss counters, Napatech hardware support, a configuration test mode, a rule analyzer, and on-the-fly MD5 calculation and matching for files. Performance and scalability have been improved.
tags | tool, intrusion detection
systems | unix
SHA-256 | e04c26178dc146b9bd7843e72fd7fdecf3195b883789550077a13046fd4cc69b
Packet Fence 3.4.0
Posted Jun 14, 2012
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This major release focuses on new features and enhancements, including Brocade and H3C hardware support, Debian Squeeze support, more custom VLAN support, node bulk importation improvements, new bandwidth graphs, performance tweaks, stability improvements, and a security fix.
tags | tool, remote
systems | unix
SHA-256 | 74b9505aefce9b9b5e02bc6eb31e0b44de771b4a3fd5c73edbb8c4870f56a7d2
Packet Fence 3.3.0
Posted Apr 16, 2012
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: A major release focused on new features and enhancements. AlliedTelesis switches support. Introduction of Role-Based Access Control (RBAC) for Aruba, AeroHIVE, Meru, and Motorola equipment. Guests can now pre-register in advance or have their network access sponsored. Simplified inline enforcement. Several new configuration parameters that affect guest handling. Noteworthy fixes include a RADIUS Identity privacy fix and Captive portal look on mobile devices (smartphones and tablets). There are some polishing and translation updates.
tags | tool, remote
systems | unix
SHA-256 | 4f8b4518e51638a4a7ae0c0c2a4a8d382eca998798bac68923b88a5731cfb863
Building Wireless IDS Systems Using Open Source
Posted Apr 13, 2012
Authored by Champ Clark III

This is a detailed paper on building your own WAP and Wireless IDS system from scratch using open source tools like Kismet, Snort and Sagan.

tags | paper
SHA-256 | e8493f6ce980099203e0171a505425a6fd32193451e07cab0cf78651fc5eb149
Snort 2 DCE/RPC Preprocessor Buffer Overflow
Posted Apr 10, 2012
Authored by Neel Mehta | Site metasploit.com

This Metasploit module allows remote attackers to execute arbitrary code by exploiting the Snort service via crafted SMB traffic. The vulnerability is due to a boundary error within the DCE/RPC preprocessor when reassembling SMB Write AndX requests, which may result in a stack-based buffer overflow with a specially crafted packet sent on a network that is monitored by Snort. Vulnerable versions include Snort 2.6.1, 2.7 Beta 1 and SourceFire IDS 4.1, 4.5 and 4.6. Any host on the Snort network may be used as the remote host. The remote host does not need to be running the SMB service for the exploit to be successful.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2006-5276, OSVDB-67988
SHA-256 | 4831463187a96ae8a63ec6bde91a0cbca65b38578ad54e60da0525ce6c81e52a
Sagan Log Monitor 0.2.1
Posted Apr 6, 2012
Authored by Champ Clark III | Site sagan.softwink.com

Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort"-like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.

Changes: Several bug fixes and code clean up.
tags | tool, sniffer
systems | unix
SHA-256 | 6c4fe7128a01c6f309bd181563c54cdf0abf2f623db78e0207f9c69176b15858
Aanval Intrusion Detection Tool 7
Posted Mar 12, 2012
Site aanval.com

Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.

Changes: No more Adobe Flash! All HTML & JavaScript. Network Situational Awareness, device and network configurations, new snort and syslog importing and processing system, event tagging, new charting and graphing system and much, much more.
tags | tool, sniffer
systems | linux, unix, apple, osx
SHA-256 | 29cb7e0c535a6404936891ae9b0a751ee670c68ad1e549eedae7aa5f981c682b
Packet Fence 3.2.0
Posted Feb 24, 2012
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This is a major release focused on new features and enhancements. It has OpenVAS Vulnerability Assessment integration for free client-side policy compliance. Per-user bandwidth limits can be imposed using RADIUS accounting information. A new billing engine was integrated in the captive portal, allowing a variety of paid-for Internet access workflows. Several performance enhancements and more robust handling of configuration mistakes. Many bugfixes, small enhancements, and translation updates.
tags | tool, remote
systems | unix
SHA-256 | ba03e5371037a7543536b1b3657f4b8d9eb3f36d5711e818d4cc69d3057f12f4
Secunia Security Advisory 47871
Posted Feb 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Snort Report, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | 02d2265b061755acafdc404dc5df75626bc2ae70dc753e0529104e2fce916e19
Snort Report 1.3.2 Local File Inclusion
Posted Feb 6, 2012
Authored by T0xic

Snort Report versions 1.3.2 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | d11898aa98496c3eaac9fb4d890600ac6604d3b0a6e0e858972923230c98edea
Snort Report 1.3.2 SQL Injection
Posted Jan 30, 2012
Authored by a.kadir altan

Snort Report versions 1.3.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7ac11a9eb9c4af7ae958f9e6572c3363d054e93d2c7c025644e592843827575f
Suricata IDPE 1.2.1
Posted Jan 21, 2012
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Writing of malformed unified2 log records was fixed. TCP timeout handling was improved.
tags | tool, intrusion detection
systems | unix
SHA-256 | 169ac90c0d9c14387532ae5f2d14b14ee33feed7db97f14ee7cb54f2612945a8
Suricata IDPE 1.2
Posted Jan 19, 2012
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: PCAP live runmodes were fixed. CPU affinity settings for live runmodes were fixed. Windows/Cygwin path handling was improved.
tags | tool, intrusion detection
systems | unix
SHA-256 | 7915f5ba4ff02af2da4e132cc03472d674c4633ae0e4c0bacad2a58daad5e262
Packet Fence 3.1.0
Posted Dec 24, 2011
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: A major release focused on new features and enhancements. Statement of Health (SoH) support for reliable client-side policy compliance, detection of rogue DHCP Servers through routers, RADIUS Change of Authorization (RFC3576) support for reliable and fast authorization changes, new charts in Web Admin, wireless profile provisioning for iPod, iPhone, and iPad devices, SNMP traps overload protection, improved captive portal detection on Mac OS X Lion and mobile devices, and support for stacked Cisco 3750 switches. There are also the usual minor performance optimizations and several bugfixes.
tags | tool, remote
systems | unix
SHA-256 | 044920c66eb9174ee0f01d8d37ac070092da5cf941fd368330fbbaac4a915a9c
Snort IDS 2.9.2
Posted Dec 15, 2011
Authored by Martin Roesch | Site snort.org

Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.

Changes: Various new additions and modifications.
tags | tool, overflow, cgi, sniffer, protocol
systems | unix
SHA-256 | 04d375b627dd256d6257f2cbe5a770e4552e3f35d5e2100b97f75426b600d8cb
Suricata IDPE 1.1.1
Posted Dec 8, 2011
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: This release fixes a crash in the SMTP parser and a problem with AF_PACKET compilation.
tags | tool, intrusion detection
systems | unix
SHA-256 | 6ff337ca71ca015d50e73a2bb90e02d894b617935482802102648d51b3876fac
Packet Fence 3.0.3
Posted Nov 22, 2011
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: A minor release focused on important fixes but with some enhancements. There are performance improvements, Cisco 6500 switch support, better support for the HP Procurve 5400, translation improvements, new add-on tools, and better documentation. There are cosmetic changes in the Web Admin, fixes for some network device problems, several inline enforcement improvements, and handling of some captive portal corner cases.
tags | tool, remote
systems | unix
SHA-256 | 568f63c98410073668be2ccda05bf8f671271f5e5d69f757a680a0c844b774cc
Firewall Log Watch 1.3
Posted Nov 15, 2011
Authored by Boris Wesslowski | Site kyb.uni-stuttgart.de

fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX/ASA, Netscreen, Elsa Lancom router, and Snort IDS log files. It can output its summaries in text and HTML and has a lot of options. fwlogwatch also features a realtime anomaly response capability with a Web interface.

Changes: This release adds IPv6 support for netfilter, DNS cache initialization, and ASA parser extensions.
tags | tool, web, firewall
systems | cisco, linux, unix, solaris, irix, bsd, hpux
SHA-256 | da806dbaaa56fdfd36a208b15bfeccaa0531f0789ad1355e43c047523ea60a48
Suricata IDPE 1.1
Posted Nov 12, 2011
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Performance, accuracy, and stability were improved. Many HTTP rule keywords added. Several SSL keywords have been added. Event suppression support was added. SCTP decoding support was added. IPS mode was improved. An SMTP parser was added. Protocol detection was improved. Extended HTTP output was added. AF_PACKET support was added. PF_RING support was improved. Pcap logging was added. The stream engine was improved.
tags | tool, intrusion detection
systems | unix
SHA-256 | dc76a25ff5ca9df613a9ea69f52ad506f05aa62852c242b3450ce8b02e405a39
Packet Fence 3.0.2
Posted Oct 25, 2011
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This minor release focused on small improvements and fixes, including some security fixes. Enhancements included Trapeze hardware support, support for wireless devices in bridge mode, and guest management options put behind configurable values. There were several inline enforcement and guest management fixes, changes to default firewall rules, fixes for long-standing issues with the pie charts in the Web admin, and several other minor bugfixes.
tags | tool, remote
systems | unix
SHA-256 | af3d1d15aee34cb94384d7f4243732ec621858e184034b9f9d47e3d472356071
Secunia Security Advisory 46054
Posted Oct 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in Snort Report, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 6039290900e1769b667030a0930d989e2dfef024870c757fec1e9c7526d2ec9d
Packet Fence 3.0.0
Posted Sep 22, 2011
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This is a major release focused on several new features. It has a redesigned captive portal, complete guest management including self-registration of devices by email activation or SMS, and pre-registered guest creation by administrators. It has a new feature to secure network access on unmanageable (consumer) devices (so-called inline enforcement). Bandwidth tracking with RADIUS accounting, RHEL / CentOS 6 support, and several usability improvements are in as well. Several things that annoyed the developers but that involved breaking changes have been fixed.
tags | tool, remote
systems | unix
SHA-256 | 20c69e1f380cf1263b9ca1277688da3d530b4f35a666f85f08603a6cfb7fcf67
Sagan Log Monitor 0.2.0
Posted Aug 23, 2011
Authored by Champ Clark III | Site sagan.softwink.com

Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort"-like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.

Changes: This is primarily a bug fix / stability release. This release addresses many issues.
tags | tool, sniffer
systems | unix
SHA-256 | cda2d1e4c0e93403469d21af672957302eabebade346a1f67036ae7427f3e399
Suricata IDPE 1.0.5
Posted Jul 26, 2011
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: A stream engine bug was fixed. Various issues found by the Coverity source code analyzers were fixed.
tags | tool, intrusion detection
systems | unix
SHA-256 | 7381236165d37b5974cbb51ee58884413e49529ce223d96ba467ddecdb3a4e33
Page 1 of 4