Lsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port. FAQ available here.
c998f200faef5821fde15c1b767260fa0f25665a10da539bf14771e058498261
The Network Security Monitor Daemon is a lightweight (distributed?) network security monitor for TCP/IP LANs which will capture certain network events and record them in a relational database. The recorded data is then made available for analysis via a CGI-based interface.
848342a5d5417eb00d5a2621a8ecd05922765397c2559d33af29be18b511c60c
Lsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port. FAQ available here.
1d84dc2e46d728cf93b300eaeb662aa2808635a33821cde826d23f41b1df0a60
Swatch, the Simple Watch Daemon, is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files, filters out unwanted data, and takes one or more simple user-specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
3f3225f58781b125ec0025ae69ddac82e9e8a2e0b1b3bb4b116021812053dfd7
Lsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port. FAQ available here.
1e39c392e1016b61346c7830245b6b687bbb0fe67fc1d4576878af2447c25ac0
Samhain (stable branch) is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
92952b60551212215a3ff7938055c795c0c7cf7520c9ecfa02d8165549e7e816
The Sentinel project is designed to be a portable, accurate, and effective implementation of all publicly known promiscuous detection techniques. Sentinel currently supports 3 methods of remote promiscuous detection: the DNS test, the ICMP etherping test, and the ARP test. Tested on OpenBSD-3.0beta, FreeBSD 4.0, NetBSD 1.5.2, and Linux 2.4.x.
ba808bc62d2d43d00e7abd9c078c366ef0e6f689e632ec39c75f19a573034883
Samhain (stable branch) is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
0ff014554ff5f6e52c2fcc3638ee710af2c7053143a3f95659761f0aa510a287
Firestorm is a Network Intrusion Detection sensor that is multi-threaded, fast, and pluggable at almost every point.
25d1a40d6e0adbf5ed62b143d1f7a0e416617b5b67d9c4f0e55d11e094db97b4
netl v1.09 is a network logger/sniffer suitable for TCP/IP over Ethernet and loopback which provides functionality not found in similar programs. netl is capable of logging everything from pings to telnet, including low level IP like SYNs and RSTs.
5c0f37cb666914e50b01575f936c4800c589f5a6b7f0052d172debf882e961f7
LaBrea v2.0 is a program that creates a tarpit or, as some have called it, a "sticky honeypot". LaBrea takes over unused IP addresses on a network and creates "virtual machines" that answer to connection attempts. LaBrea answers those connection attempts in a way that causes the machine at the other end to get "stuck", sometimes for a very long time.
23b2e7cad2a4578ea03587998eac0e122e2899f608739aa1a517864514a77f26
Lsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port. FAQ available here.
9bfb02d6c59ccd6b30cc793cca18bdf2b0e7a65aa3de8a99ae9c5f251be31293
Swatch, the Simple Watch Daemon, is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files, filters out unwanted data, and takes one or more simple user-specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
ecc3023e0c1b71e7b0f3d0122473ddd13694810fdb850d77557ebd05c57c6b2d
Firestorm is a Network Intrusion Detection sensor that is multi-threaded, fast, and pluggable at almost every point.
8e8b5c43e13c843370f225ff1003f6b0f2483791e95265a9dc7a0a465faa5d17
Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
63fae34c63a02a698038fed5ba22a17cc1df64e3d97358d6bc6910d171ec75af
Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
be3c8779ddf9c567462e5553bf2d7d2a4d4a289fcd18d68930b531d67360f039
Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
07e1bbaca0c98a435b7f8322276d2ac7c9c7fd73c04776f2db926169a885801c
Lsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
0af199f2e17c821efb6810cf7e3ff308e165e9e3a88dbc63c59e90c2b9093df2
Code Red Warn is a Perl script which runs as a daemon and watches Apache logs to notify you each time you are scanned by Code Red.
fae00696b98d72d39d852cfaf643db6cda13a657fa477e73854249eb09f8dd1a
Code Red Warn is a Perl script which runs as a daemon and watches Apache logs to notify you each time you are scanned by Code Red.
f69297ae0b8f1068f19470d74cfedc384e601a7657fe6aacbe7c236a3db523c0
The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of incidents generated by security software such as IDSs and firewalls (e.g., Snort or ipchains). It provides a search interface for finding alerts matching practically any criteria, including arrival time, signature time, source/dest address/port, flags, payload, etc. ACID also provides the ability to annotate and logically group related events, delete false positives, or archive alerts among databases. A variety of statistics and graphs can be generated based on time, IP address, ports, alert classification, and sensor.
e08027b7d330a234c53242f9b733a6fe8846e0ef01641717de2b9f123754d1c6
Samhain (stable branch) is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
65f57e2ad7b7c22483a3f42e9807ae6c22bd831ac181beed6eacdac7a7fdd282
Firestorm is a Network Intrusion Detection sensor that is multi-threaded, fast, and pluggable at almost every point.
d77c1d52b7ede8d864490d563f7de3841605942ac9922a458ccce1868d830305
Petrovich is a GPLed filesystem integrity checker similar to Tripwire. It is written in Perl using standard Perl modules available from www.cpan.org. It currently supports Base64 MD2, MD5, and SHA1 hashes. Petrovich has been tested on Windows 2000, OpenBSD 2.6 - 2.8, and RedHat Linux 7.1.
f6d1536844bda3897c7a7ee1beafa6a618fa8544f48798df61fb93e8e5a76663
PortSentry is a program designed to detect and respond to port scans against a target host in real time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time alerting, blocking, and reporting of violations.
eb06f3c328614365a9fe61b8878acb76cbf364cb695dda37536a3b0e07a13f1f