Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port. FAQ available here.
c998f200faef5821fde15c1b767260fa0f25665a10da539bf14771e058498261The Network Security Monitor Daemon is a lightweight (distributed?) network security monitor for TCP/IP LANs which will capture certain network events and record them in a relational database. The recorded data is then made available for analysis via a CGI-based interface.
848342a5d5417eb00d5a2621a8ecd05922765397c2559d33af29be18b511c60cLsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port. FAQ available here.
1d84dc2e46d728cf93b300eaeb662aa2808635a33821cde826d23f41b1df0a60Swatch, the Simple Watch Daemon is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
3f3225f58781b125ec0025ae69ddac82e9e8a2e0b1b3bb4b116021812053dfd7Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port. FAQ available here.
1e39c392e1016b61346c7830245b6b687bbb0fe67fc1d4576878af2447c25ac0Samhain (stable branch) is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
92952b60551212215a3ff7938055c795c0c7cf7520c9ecfa02d8165549e7e816The Sentinel project is designed to be a portable, accurate, and effective implementation of all publicly known promiscuous detection techniques. Sentinel currently supports 3 methods of remote promiscuous detection: The DNS test, icmp etherping test, and ARP test. Tested on OpenBSD-3.0beta, FreeBSD 4.0, Netbsd 1.5.2, and Linux 2.4.x.
ba808bc62d2d43d00e7abd9c078c366ef0e6f689e632ec39c75f19a573034883Samhain (stable branch) is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
0ff014554ff5f6e52c2fcc3638ee710af2c7053143a3f95659761f0aa510a287Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
25d1a40d6e0adbf5ed62b143d1f7a0e416617b5b67d9c4f0e55d11e094db97b4netl v1.09 is a network logger/sniffer suitable for TCP/IP over Ethernet and loopback which provides functionality not found in similar programs. netl is capable of logging everything from pings to telnet, including low level IP like SYNs and RSTs.
5c0f37cb666914e50b01575f936c4800c589f5a6b7f0052d172debf882e961f7LaBrea v2.0 is a program that creates a tarpit or, as some have called it, a "sticky honeypot". LaBrea takes over unused IP addresses on a network and creates "virtual machines" that answer to connection attempts. LaBrea answers those connection attempts in a way that causes the machine at the other end to get "stuck", sometimes for a very long time.
23b2e7cad2a4578ea03587998eac0e122e2899f608739aa1a517864514a77f26Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port. FAQ available here.
9bfb02d6c59ccd6b30cc793cca18bdf2b0e7a65aa3de8a99ae9c5f251be31293Swatch, the Simple Watch Daemon is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
ecc3023e0c1b71e7b0f3d0122473ddd13694810fdb850d77557ebd05c57c6b2dFirestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
8e8b5c43e13c843370f225ff1003f6b0f2483791e95265a9dc7a0a465faa5d17Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
63fae34c63a02a698038fed5ba22a17cc1df64e3d97358d6bc6910d171ec75afPrelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
be3c8779ddf9c567462e5553bf2d7d2a4d4a289fcd18d68930b531d67360f039Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
07e1bbaca0c98a435b7f8322276d2ac7c9c7fd73c04776f2db926169a885801cLsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
0af199f2e17c821efb6810cf7e3ff308e165e9e3a88dbc63c59e90c2b9093df2Code Red Warn is a perl script which runs as a daemon and watches apache logs to notify you each time you are scanned with code red.
fae00696b98d72d39d852cfaf643db6cda13a657fa477e73854249eb09f8dd1aCode Red Warn is a perl script which runs as a daemon and watches apache logs to notify you each time you are scanned with code red.
f69297ae0b8f1068f19470d74cfedc384e601a7657fe6aacbe7c236a3db523c0The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of incidents generated by security software such as IDS's and firewalls (e.g., Snort or ipchains). It provides a search interface for finding alerts matching practically any criteria, including arrival time, signature time, source/dest address/port, flags, payload, etc. ACID also provides the ability to annotate and logically group related events, delete false positives, or archive alerts among databases. A variety of statistics and graphs can be generated based on time, IP address, ports, alert classification, and sensor.
e08027b7d330a234c53242f9b733a6fe8846e0ef01641717de2b9f123754d1c6Samhain (stable branch) is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
65f57e2ad7b7c22483a3f42e9807ae6c22bd831ac181beed6eacdac7a7fdd282Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
d77c1d52b7ede8d864490d563f7de3841605942ac9922a458ccce1868d830305Petrovich is a GPLed filesystem integrity checker similar to Tripwire. It is written in Perl using standard perl modules available from www.cpan.org. It currently supports Base64 MD2, MD5, and SHA1 hashes. Petrovich has been tested on windows 2000, OpenBSD 2.6 - 2.8, and RedHat Linux 7.1.
f6d1536844bda3897c7a7ee1beafa6a618fa8544f48798df61fb93e8e5a76663PortSentry is a program designed to detect and respond to port scans against a target host in real-time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time blocking and reporting of violations. All modes support real time alerting and blocking.
eb06f3c328614365a9fe61b8878acb76cbf364cb695dda37536a3b0e07a13f1f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed