Intrusion Detection Files

logcheck-1.1.1.tar.gz
Posted Dec 2, 1999
Authored by Craig Rowland | Site psionic.com

Logcheck helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail.

tags | tool, intrusion detection
systems | unix
MD5 | e97c2f096e219e20310c1b80e9e1bc29
logsurfer-1.41.tar.gz
Posted Dec 2, 1999
Authored by Wolfgang Ley | Site cert.dfn.de

logsurfer is a log checking/auditing tool similar to swatch and logcheck but with the capability of handling multi-line messages and dynamically adapting the ruleset. It is written in portable C, well documented, fast, and flexible. It works on any textfile or stdin, can be run at intervals or continuously, and has timeouts and resource limits.

tags | tool, intrusion detection
systems | unix
MD5 | 0871a4f23d91d0e19956b19a4162992b
portsentry-1.0.tar.gz
Posted Dec 2, 1999
Authored by Craig Rowland | Site psionic.com

PortSentry is part of the Abacus Project suite of security tools. It is a program designed to detect and respond to port scans against a target host in real-time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time blocking and reporting of violations.

Changes: Correct ignoring of hosts, and a Y2K fix for log file output, using a four-digit year. This doesn't affect PortSentry, but may affect programs that look at the log files it generates.
tags | tool, udp, tcp, intrusion detection
systems | linux, unix
MD5 | d2d29e614f1604bd62a23e33d7a7564f
alert_1.3.tar
Posted Nov 29, 1999
Authored by Lance Spitzner | Site enteract.com

IDS Alert Script (ver 1.3) for Checkpoint Firewall-1 (Unix only). Build Intrusion Detection into your firewall. Features include: Automated alerting, logging, and archiving, Automated blocking of attacking source, Automated identification and email remote site, and Installation and test script. Ver 1.3 Optimized for performance, over 50% speed increase. Documentation here.

tags | tool, remote, intrusion detection
systems | unix
MD5 | 59ead035a2a3d0d0079ebc74ec132664
Samhain File Integrity Checker
Posted Nov 16, 1999
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a tool for verifying the integrity of files. It uses the TIGER message digest algorithm to generate a database for files and directories listed in the configuration file. After initializing the database, samhain can run as a background process, performing checks at user-defined intervals. Results can be written to a log file and/or forwarded to another host by e-mail. Log file entries are signed to prevent tampering. The current version is tested on Linux only.

tags | tool, intrusion detection
systems | linux, unix
MD5 | 7ccf46036a8c26d8a7c5fef797c8715d
eoe232.tar.gz
Posted Nov 16, 1999
Authored by S. Krahmer

Eyes on Exec 2.32 is a set of tools which you can use to build your own host based IDS. It watches for programs getting exec'd and logs information about it to a file. Combined with perl this can be extremely powerful. Requires linux kernel 2.2.

tags | tool, kernel, perl, intrusion detection
systems | linux, unix
MD5 | 1667d49e89e15406b5db030836e7d798
logwatch-0.1.tgz
Posted Nov 9, 1999
Authored by Jeremy Weatherford

Logwatch provides a client/server architecture for viewing logfiles on multiple machines on a network. With a single daemon process running on each participating computer, logfiles can be tailed from any authorized machine. Multiple logfiles on multiple machines can be followed with a single client process by specifying the machines and files to follow.

tags | tool, intrusion detection
systems | unix
MD5 | 418b659d5a8c3cc2ddbcc0d415f82710
firesoft.tar.gz
Posted Nov 9, 1999
Authored by Angelos Karageorgiou

firesoft is a collection of Perl scripts for viewing snort-generated logs and ipchains logs. The package includes a bar chart creator from ipchains logs, to quickly view who has been scanning you the most.

tags | tool, perl, intrusion detection
systems | unix
MD5 | 8c68337186a4666bd70651c5764ed602
tailbeep-0.43.tar.gz
Posted Oct 27, 1999
Authored by Tommy. | Site soomka.com

Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall).

Changes: Added -F (frequency) and -M (milliseconds) option, added -x "command" option, cleaned up the help screen, and you can use -p and -P at the same time now if you want both the entire line and a predefined message.
tags | tool, intrusion detection
systems | unix
MD5 | 15a439c9a8a5db135a96122b367ceb9b
suidshow.c
Posted Oct 27, 1999

suidshow.c is a linux lkm that will log any non-root user doing a setuid(0) or a setreuid(0,0) system call. CyberPsychotic

tags | tool, root, intrusion detection
systems | linux, unix
MD5 | 241bfda6ea160e113020cfd540674192
logcolorise-1.0.7.tar.gz
Posted Oct 26, 1999
Authored by Mike Babcock

Logcolorise is a PERL script to make your syslog generated log files much more legible by colourising them (context highlighting based on keywords).

tags | tool, perl, intrusion detection
systems | unix
MD5 | fa493ff21eff0f5ee3991ca3e122d6c6
tailbeep-0.41.tar.gz
Posted Oct 26, 1999
Authored by Tommy. | Site soomka.com

Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)

Changes: The ability to specify a message to speak instead of the line in the watched file (using -p), the old -p has been moved to -P to speak the line in the file, and the -V (version) and -S (sleep time) options have been added.
tags | tool, intrusion detection
systems | unix
MD5 | 09af9ef12d56fe02fa381a2c671aa959
libnids-1.12.tar.gz
Posted Oct 25, 1999
Authored by Nergal | Site packetfactory.net

Libnids is a library that provides the functionality of one of the components of a NIDS (Network Intrusion Detection System), namely the E-component. This means that libnids code watches all local network traffic, cooks received datagrams a bit (quite a bit ;)), and provides convenient information on them to the analyzing modules of the NIDS. So, if you intend to develop a custom NIDS, you don't have to build low-level network code. If you decide to use libnids, you have the E-component ready - you can focus on implementing other parts of the NIDS.

tags | tool, local, intrusion detection
systems | unix
MD5 | 1d5eb8ef14c2729ab1871599ac05734f
tailbeep-0.3.tar.gz
Posted Oct 22, 1999
Authored by Tommy. | Site soomka.com

Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)

Changes: Speech (through speechd) and a debug option.
tags | tool, intrusion detection
systems | unix
MD5 | a735879e8c6948b88c63f21c4c57532b
rpc_gotcha_beta1.1.tar.gz
Posted Oct 21, 1999
Authored by Chad Renfro | Site renfro.homepage.com

Rpc_Gotcha is a network based intrusion detection tool for detecting rpc based scans and attacks (buffer overflows). The program will passively sit on the network perimeter and process packets while analyzing the rpc message data payload looking for signs of a possible attack. Rpc_Gotcha will log all rpc calls made to the network and display payload data for possible attacks.

Changes: This version has some major bug fixes, memory leaks and signature issues. It will also read tcpdump capture files in a batch mode.
tags | tool, overflow, intrusion detection, memory leak
systems | unix
MD5 | 4ccf621425f9493c349e7751f63fdb4f
sherpa-0.1.3.tar.gz
Posted Oct 20, 1999
Authored by Rick Crelia | Site sherpa.lavamonkeys.com

sherpa is a tool for configuring and then checking system security via the console. Written in perl, it allows an admin to maintain a custom database of file and directory permissions and ownership attributes as local needs dictate. Any changes from the prescribed layout will be detected each time sherpa is run. Also, sherpa does some basic system checks (world-writable files, .rhosts and hosts.equiv files, etc.) that help the busy admin keep on top of a system.

tags | tool, local, perl, intrusion detection
systems | unix
MD5 | 8bbb31cc9de6a094556aef48cb9d2410
FCheck_2.07.45.tar.gz
Posted Oct 20, 1999
Authored by Mike Gumienny | Site sites.netscape.net

FCHECK is a very stable PERL script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done in as little as one minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.

tags | tool, perl, intrusion detection
systems | unix
MD5 | 88d587fa9a0254f370db3c4d569dc4bb
tailbeep-0.2.tar.gz
Posted Oct 19, 1999
Authored by Tommy.

Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)

tags | tool, intrusion detection
systems | unix
MD5 | b3cbddae198819c742871b1a6324fc1f
iplimit-0.9.tar.gz
Posted Oct 7, 1999

IPLimit is a security tool to prevent some denial of service attacks on common internet daemons. It will dynamically reject connections from hosts that already connected too many times on the same service or the same server. And only these strobe makers will be rejected, not trusted people. IPLimit is fully configurable: you can, for instance, allow 40 connections per second for SMTP, and only 1 per minute for Telnet. It needs the TCPREMOTEIP and TCPLOCALPORT environment variables, so that IPLimit has to be used with a super-server like G2S or TCPServer. You can also use any other inetd variant if you have the tcp-env program (from Qmail). IPLimit was tested on Linux but should work on any other Unix implementation with or without minor changes.

tags | tool, denial of service, tcp, intrusion detection
systems | linux, unix
MD5 | 088f855c05f1c5f31edfe28796439eaa
tcp_wrappers_7.6.BLURB
Posted Oct 5, 1999

Blurb for tcp_wrappers_7.6.tar.gz

tags | tool, intrusion detection
systems | unix
MD5 | 627fc45308e852c446c3606647fa8c34
tcp_wrappers_7.6.tar.gz
Posted Oct 5, 1999

Wietse Venema's tcp wrapper. The package provides tiny daemon wrapper programs that can be installed without any changes to existing software or to existing configuration files. The wrappers report the name of the client host and of the requested service; the wrappers do not exchange information with the client or server applications, and impose no overhead on the actual conversation between the client and server applications.

tags | tool, tcp, intrusion detection
systems | unix
MD5 | e6fa25f71226d090f34de3f6b122fb5a
decfingerd-0.7.tar.gz
Posted Oct 4, 1999
Authored by Jon Beaton

decfingerd 0.7: The Deception Finger Daemon. This program will take the place of the original finger service, providing totally false information to clients. This can be useful to catch people trying to crack your server, or to just really confuse them. You can define output for individual users, empty requests, and forward requests to another system. Tested on: Linux 2.2.7 -- GCC 2.7.2.3, Solaris 2.7 -- EGCS 1.1.1, OpenBSD 2.5 -- GCC 2.8.1.

tags | tool, intrusion detection
systems | linux, unix, solaris, openbsd
MD5 | e23d3683edd18ead71ac04d9708aa0d6
killerd-0_2.tar.gz
Posted Sep 30, 1999
Authored by Martin Mares

A daemon which kills shells with idle time above a certain limit.

tags | tool, shell, intrusion detection
systems | unix
MD5 | 66d631dcc7c53f6bbe6e6f449ed3e351
tcpreplay-1.0.1.tar.gz
Posted Sep 23, 1999

Tcpreplay v1.0.1 - Tcpreplay is aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn't exercise the application/protocol inspection that a NIDS performs, and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.

tags | tool, arbitrary, protocol, intrusion detection
systems | unix
MD5 | 4b9335761e9202abfc175c06b169e991
fragrouter-1.6.tar.gz
Posted Sep 23, 1999

Fragrouter v1.6 - Fragrouter is aimed at testing the correctness of a NIDS, according to the specific TCP/IP attacks listed in the Secure Networks NIDS evasion paper. Other NIDS evasion toolkits which implement these attacks are in circulation among hackers or publicly available, and it is assumed that they are currently being used to bypass NIDSs.

tags | tool, tcp, intrusion detection
systems | unix
MD5 | 73fdc73f8da0b41b995420ded00533cc