
Intrusion Detection Files

checksyslog12.tar.gz
Posted Dec 13, 1999
Site jammed.com

Analyze your syslogs for security or system problems by creating a list of normal behaviour to ignore; everything else is something you should be aware of. Requires perl 5.

tags | tool, perl, intrusion detection
systems | unix
SHA-256 | a4626676b5ffe216cedb28247dbad441c03e97009db3d8215c2b82542511f0da
tocsin116.tar.gz
Posted Dec 12, 1999
Site eng.auburn.edu

tocsin is a basic IDS that uses packet filtering to warn of possible attacks against specified services. It watches the local network for SYN connections to certain services and sends a notification. Runs on Solaris 2.x, possibly others.

tags | tool, local, intrusion detection
systems | unix, solaris
SHA-256 | 06069c45e5ec8ef33117592147cdfc24c37a3cc99b890a120d02decafdc6d6fc
guard26.tar.gz
Posted Dec 11, 1999
Site penguin.cz

This Linux tool is more an early warning system than an IDS. It scans system logs for signs of intrusion in real time, produces colored output on the tty, and sends alerts and regular reports. An excellent database of suspicious logfile strings is included.

tags | tool, intrusion detection
systems | linux, unix
SHA-256 | 991fee1240493841d942a05ffab5ef5d95051155144bbcb9dbabe4e3ff1352a8
whowatch-1.3.tar.gz
Posted Dec 10, 1999

Whowatch is an ncurses who-like utility that displays information about the users currently logged on to the machine, in real time. Besides standard information (login name, tty, host, user's process), the type of the connection (i.e. telnet or ssh) is shown. You can toggle the display between users' command and idle time. You can also view the process tree and send INT and KILL signals.

tags | tool, intrusion detection
systems | unix
SHA-256 | c0305ae9774f9652325025084821d5835882589cf2b3ebf3c0143089435bfc71
logcalls.c
Posted Dec 7, 1999
Authored by Pheisar | Site ccl.pt

Kernel module which logs specific system calls to a logfile. Tracks mkdir, rmdir, link, and open.

tags | tool, kernel, intrusion detection
systems | unix
SHA-256 | 739466ea19f402e721ecc39d1bd57cc11892e68417801d26674508300c43c177
logcheck-1.1.1.tar.gz
Posted Dec 2, 1999
Authored by Craig Rowland | Site psionic.com

Logcheck helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail.

tags | tool, intrusion detection
systems | unix
SHA-256 | dfe4cb29305c619dc0a0aca5b11b2bd397baccf3076b48f03457f66f299ab42e
logsurfer-1.41.tar.gz
Posted Dec 2, 1999
Authored by Wolfgang Ley | Site cert.dfn.de

logsurfer is a log checking/auditing tool similar to swatch and logcheck but with the capability of handling multi-line messages and dynamically adapting the ruleset. It is written in portable C, well documented, fast, and flexible. It works on any textfile or stdin, can be run at intervals or continuously, and has timeouts and resource limits.

tags | tool, intrusion detection
systems | unix
SHA-256 | 544d9a0a79ddca06aa9c17d04f98e8f51ea727e3420c9328c79cdd428d89689e
portsentry-1.0.tar.gz
Posted Dec 2, 1999
Authored by Craig Rowland | Site psionic.com

PortSentry is part of the Abacus Project suite of security tools. It is a program designed to detect and respond to port scans against a target host in real-time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time blocking and reporting of violations.

Changes: Correct ignoring of hosts, and a Y2K fix for log file output, using a four-digit year. This doesn't affect PortSentry, but may affect programs that look at the log files it generates.
tags | tool, udp, tcp, intrusion detection
systems | linux, unix
SHA-256 | dcd261b2ed7cb1fc2b602b0b94fa7d47cfbbfaf03a0fb3d92ce243e2f647588d
alert_1.3.tar
Posted Nov 29, 1999
Authored by Lance Spitzner | Site enteract.com

IDS Alert Script (ver 1.3) for Checkpoint Firewall-1 (Unix only). Build Intrusion Detection into your firewall. Features include: automated alerting, logging, and archiving; automated blocking of the attacking source; automated identification and emailing of the remote site; and an installation and test script. Ver 1.3 is optimized for performance, with over 50% speed increase. Documentation here.

tags | tool, remote, intrusion detection
systems | unix
SHA-256 | 10f4b8a670367efd29cc6f1e2b1080b57abab5342acc80ce9ffe06156a3179e0
Samhain File Integrity Checker
Posted Nov 16, 1999
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a tool for verifying the integrity of files. It uses the TIGER message digest algorithm to generate a database for files and directories listed in the configuration file. After initializing the database, samhain can run as a background process, performing checks at user-defined intervals. Results can be written to a log file and/or forwarded to another host by e-mail. Log file entries are signed to prevent tampering. The current version is tested on Linux only.

tags | tool, intrusion detection
systems | linux, unix
SHA-256 | 1505f8f9c2445ed1a8767f0ce6bdd68622d0740af23fed22db953ce348336066
eoe232.tar.gz
Posted Nov 16, 1999
Authored by S. Krahmer

Eyes on Exec 2.32 is a set of tools which you can use to build your own host based IDS. It watches for programs getting exec'd and logs information about it to a file. Combined with perl this can be extremely powerful. Requires linux kernel 2.2.

tags | tool, kernel, perl, intrusion detection
systems | linux, unix
SHA-256 | 721aa1dc02e15a1fb8384fa30f37cc22af65e7cc1755e2bc04a94eaffd14de73
logwatch-0.1.tgz
Posted Nov 9, 1999
Authored by Jeremy Weatherford | Site sourceforge.net

Logwatch provides a client/server architecture for viewing logfiles on multiple machines on a network. With a single daemon process running on each participating computer, logfiles can be tailed from any authorized machine. Multiple logfiles on multiple machines can be followed with a single client process by specifying the machines and files to follow.

tags | tool, intrusion detection
systems | unix
SHA-256 | 39583b7bcfa05e6bac8964d2e2ed38b98707b722312bb43babd2ca27f6bad959
firesoft.tar.gz
Posted Nov 9, 1999
Authored by Angelos Karageorgiou

firesoft is a collection of Perl scripts for viewing snort-generated logs and ipchains logs. The package includes a bar chart creator from ipchains logs, to quickly view who has been scanning you the most.

tags | tool, perl, intrusion detection
systems | unix
SHA-256 | 4fb6ac3726d2ee46e1eed632e9031387e99c60694386b203fba668c5142b6c47
tailbeep-0.43.tar.gz
Posted Oct 27, 1999
Authored by Tommy. | Site soomka.com

Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall).

Changes: Added -F (frequency) and -M (milliseconds) options, added -x "command" option, cleaned up the help screen, and you can use -p and -P at the same time now if you want both the entire line and a predefined message.
tags | tool, intrusion detection
systems | unix
SHA-256 | f48d24516c0e62148cbb782e1cb62c1b16b0c0a4f5d49100f27fe7568d015b5a
suidshow.c
Posted Oct 27, 1999

suidshow.c is a Linux LKM that will log any non-root user doing a setuid(0) or a setreuid(0,0) system call. CyberPsychotic

tags | tool, root, intrusion detection
systems | linux, unix
SHA-256 | 5089cc902d75283bd99aa843ad384439e5b1b862509c70dfa40b9ccae967e300
logcolorise-1.0.7.tar.gz
Posted Oct 26, 1999
Authored by Mike Babcock

Logcolorise is a Perl script to make your syslog-generated log files much more legible by colourising them (context highlighting based on keywords).

tags | tool, perl, intrusion detection
systems | unix
SHA-256 | c63321d7d299bfb4acc2b06a4c5e8179a58c46288c934847e20ecb25751c7ee1
tailbeep-0.41.tar.gz
Posted Oct 26, 1999
Authored by Tommy. | Site soomka.com

Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)

Changes: The ability to specify a message to speak instead of the line in the watched file (using -p), the old -p has been moved to -P to speak the line in the file, and the -V (version) and -S (sleep time) options have been added.
tags | tool, intrusion detection
systems | unix
SHA-256 | 0011bf9bb3235b1f12a7a203cf243e8db9ffb91b311a8147d9873a667d78fb33
libnids-1.12.tar.gz
Posted Oct 25, 1999
Authored by Nergal | Site packetfactory.net

Libnids is a library that provides the functionality of one of the components of a NIDS (Network Intrusion Detection System), namely the E-component. This means that libnids code watches all local network traffic, cooks received datagrams a bit (quite a bit ;)), and provides convenient information on them to the analyzing modules of the NIDS. So, if you intend to develop a custom NIDS, you don't have to build low-level network code. If you decide to use libnids, you have the E-component ready and can focus on implementing the other parts of the NIDS.

tags | tool, local, intrusion detection
systems | unix
SHA-256 | 37aab0e12817880ae502de7bec0810e0df2e1c6ee7cd328e933f0bca7751c656
tailbeep-0.3.tar.gz
Posted Oct 22, 1999
Authored by Tommy. | Site soomka.com

Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)

Changes: Speech (through speechd) and a debug option.
tags | tool, intrusion detection
systems | unix
SHA-256 | 44c568b15d10d6153f5b49137e01ff1d3ba63549b16e672d0a3990bf420a5186
rpc_gotcha_beta1.1.tar.gz
Posted Oct 21, 1999
Authored by Chad Renfro | Site renfro.homepage.com

Rpc_Gotcha is a network-based intrusion detection tool for detecting RPC-based scans and attacks (buffer overflows). The program will passively sit on the network perimeter and process packets while analyzing the RPC message data payload, looking for signs of a possible attack. Rpc_Gotcha will log all RPC calls made to the network and display payload data for possible attacks.

Changes: This version fixes some major bugs, memory leaks and signature issues. It will also read tcpdump capture files in a batch mode.
tags | tool, overflow, intrusion detection, memory leak
systems | unix
SHA-256 | 47e916295ba31b13f5d2c3e1ee1298ccbaa67084f08de4d1c4ed07f5a57002d2
sherpa-0.1.3.tar.gz
Posted Oct 20, 1999
Authored by Rick Crelia | Site sherpa.lavamonkeys.com

sherpa is a tool for configuring and then checking system security via the console. Written in perl, it allows an admin to maintain a custom database of file and directory permissions and ownership attributes as local needs dictate. Any changes from the prescribed layout will be detected each time sherpa is run. Also, sherpa does some basic system checks (world-writable files, .rhosts and hosts.equiv files, etc.) that help the busy admin keep on top of a system.

tags | tool, local, perl, intrusion detection
systems | unix
SHA-256 | 7d9a5cdc6b941a0b37126d89ee9153a4a21c836a27c959ffff39bb272ea1fff5
FCheck_2.07.45.tar.gz
Posted Oct 20, 1999
Authored by Mike Gumienny | Site sites.netscape.net

FCHECK is a very stable PERL script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done in as little as one minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.

tags | tool, perl, intrusion detection
systems | unix
SHA-256 | b496520b28cfcbbf5d352dfe9a9b74dfc01978e4a1988f2a59f9f2c6ef4cf28b
tailbeep-0.2.tar.gz
Posted Oct 19, 1999
Authored by Tommy.

Tailbeep opens a file (-f), seeks to the end, and watches for a string (-s). If the string is found, a beep is sent to the specified tty (-t) device. You can also daemonize (-d) it. I wrote it so I could watch /var/log/messages for the DENY string (so I can tell if someone is trying to break into the firewall.)

tags | tool, intrusion detection
systems | unix
SHA-256 | b0291d4a76fe976aae9873a5039b4f8ff351c4f610e7b617251814bdc375a0c3
iplimit-0.9.tar.gz
Posted Oct 7, 1999

IPLimit is a security tool to prevent some denial-of-service attacks on common internet daemons. It will dynamically reject connections from hosts that have already connected too many times to the same service or the same server. Only these strobe makers will be rejected, not trusted people. IPLimit is fully configurable: you can, for instance, allow 40 connections per second for SMTP, and only 1 per minute for Telnet. It needs the TCPREMOTEIP and TCPLOCALPORT environment variables, so IPLimit has to be used with a super-server like G2S or TCPServer. You can also use any other inetd variant if you have the tcp-env program (from Qmail). IPLimit was tested on Linux but should work on any other Unix implementation with or without minor changes.

tags | tool, denial of service, tcp, intrusion detection
systems | linux, unix
SHA-256 | 9b0eb17b70cae3acbd2924d8bb3df048ceccc94275bad8e5a541747e0235eb3d
tcp_wrappers_7.6.BLURB
Posted Oct 5, 1999

Blurb for tcp_wrappers_7.6.tar.gz

tags | tool, intrusion detection
systems | unix
SHA-256 | ba6ca8ba9ee13ef06fd505b3d9e5b285d454a0e72b86349ac550c1bf7bb075cc
© 2022 Packet Storm. All rights reserved.