
Intrusion Detection Files

xlogmaster-1.6.0.tar.gz
Posted Aug 17, 1999
Authored by Georg C. F. Greve

Xlogmaster 1.6.0 is a program that lets you monitor everything that's going on on your system in a very quick and comfortable way. It allows reading logfiles, devices or running status-gathering programs, translating all data (if wished) and displaying it with filters for highlighting / lowlighting / hiding lines or taking actions upon user-defined events. Filters can raise, lower or hide lines. Because it uses the GTK+ toolkit and is fully configurable at runtime, the user can modify the appearance of Xlogmaster to whatever fits his desktop best.

Changes: Complete "Customize" Menu rewrite, Plugin support, GTK+ 1.2.0 compliant, the EXEC lines now allow pipes, keyboard accelerators for entries and for menu, support for a system wide entry database and for personal entry database, now catches logfile rotation and a new mode (RUN) that allows execution of any program to gather information about the system and evaluate its stdout and stderr. Excellent program! Compiles and runs on just about every flavor of UNIX/Linux. Too many features to list here, so check out the Xlogmaster web site.
tags | tool, intrusion detection
systems | unix
MD5 | b1900ebae821656fb6b7f028fab8bf10
abacus-sentry.lsm
Posted Aug 17, 1999

Detailed descriptions of the PortSentry, HostSentry, and LogCheck tools included in the Abacus Project suite of Intrusion Detection tools. Abacus Project web site

tags | tool, web, intrusion detection
systems | unix
MD5 | 54b8d9d6eadd7f6f9195e6c9b8027646
hostsentry-0.02.tar.gz
Posted Aug 17, 1999
Authored by Craig H. Rowland

HostSentry v0.02 is a host-based intrusion detection tool that performs Login Anomaly Detection (LAD), and is the most recent addition to the Abacus Project suite of security tools. This tool allows administrators to spot strange login behavior and quickly respond to compromised accounts and unusual behavior. HostSentry incorporates a dynamic database and actually "learns" the user login behavior. This behavior is then utilized by modular signatures to detect unusual events. Specifically, HostSentry monitors system login accounting records in real-time (wtmp/utmp). These records are used to build a dynamic database of active users and run a series of signature modules during the login and logout phases. The signature modules are pluggable and easily activated or deactivated by the admin. An example wrapper is included to allow administrators to add new signatures. The current list of signatures includes:

  • moduleLoginLogout - Generic audit trail of all user logins and logouts.
  • moduleFirstLogin - Alerts administrators if this user is logging in for the first time.
  • moduleForeignDomain - A login was detected from a domain not listed in the allowed domains file.
  • moduleRhostCheck - A user's .rhosts file contains a wildcard or other dangerous modification.
  • moduleHistoryTruncated - A user's .history file is missing, truncated to zero bytes, or symlinked (i.e. /dev/null).
  • moduleOddDirnames - A user's directory contains suspicious directory names on logout (" ..", "...", etc.).
  • moduleMultipleLogins - A single username has multiple concurrent logins from different domains.
  • moduleOddLoginTime - A user is logging in at an odd hour for their usage pattern (not implemented yet).
  • moduleInvalidUtmp - A corresponding utmp/wtmp entry for this login cannot be found (entry possibly removed) (not implemented yet).
  • moduleHistorySuspicious - The user's history file contains suspicious commands (not implemented yet).
  • moduleNetworkDaemon - The user logged out but left a listening network socket operating (private web server, IRC bot, etc.) (not implemented yet).
  • moduleFileExists - A file was found in the user's directory that is listed in the banned/monitored list of the site (not implemented yet).

First release.

tags | tool, web, intrusion detection
systems | unix
MD5 | 3de0bbb7d456bb53683de56dfdf98362
icmp-0.9.tar.gz
Posted Aug 17, 1999
Authored by stealth

IMON v0.9b is a powerful tool to monitor/analyze ICMP traffic on your LAN (includes LOKI backdoor detection).

tags | tool, intrusion detection
systems | unix
MD5 | 7c82926086a0c749ec83bf5f3e33dfb6
mon-0.38pre7.tar.gz
Posted Aug 17, 1999
Authored by Jim Trocki

mon 0.38pre7 - "mon" is an extensible fault detection package which can be used to monitor network and system resources. It is most useful for system and network administrators who are responsible for maintaining the operation of networks of hundreds or possibly thousands of nodes.

Changes: Changes to period behavior, trap enhancements, basedir support, and more. mon-0.38pre7.tar.gz.sign.
tags | tool, intrusion detection
systems | unix
MD5 | 663a1a9e21ec3e7b90e05fe8fde11705
mon-0.38pre7.tar.gz.sign
Posted Aug 17, 1999

PGP signature for mon 0.38pre7.

tags | tool, intrusion detection
systems | unix
MD5 | a421f18650959c0c54f9dc396bf301f2
netl-1.01.tar.gz
Posted Aug 17, 1999
Authored by Graham THE Ollis

netl v1.01 is a network logger/sniffer suitable for TCP/IP over Ethernet and loopback. netl is capable of logging everything from pings to telnet, including low level IP like SYNs and RSTs.

tags | tool, tcp, intrusion detection
systems | unix
MD5 | bb85df6ef22cdc4472ce5872a7af88c8
nettest-1.0.tar.gz
Posted Aug 17, 1999
Authored by Rene Chaddock

nettest v1.0 is a program that monitors a network connection, and takes some action (either email, audible notification, syslog entries, or all of the above) if/when the connection goes down.

Changes: Removed dependencies on external programs. More rcfile options for various configurable settings w/ almost foolproof defaults. More efficient ping code. Minor bug fixes.
tags | tool, intrusion detection
systems | unix
MD5 | c0705e221c389233bfd6fcc481c7e492
portsentry-0.61.tar.gz
Posted Aug 17, 1999
Authored by Craig H. Rowland

PortSentry v0.61beta is part of the Abacus Project suite of security tools. It is a program designed to detect and respond to port scans against a target host in real-time. There are other port scan detectors that perform similar detection of scans, but PortSentry has some unique features that may make it worth looking into:

  • Runs on TCP and UDP sockets to detect port scans against your system. PortSentry is configurable to run on multiple sockets at the same time so you only need to start one copy to cover dozens of tripwired services.
  • Stealth scan detection (Linux only right now). PortSentry will now detect SYN/half-open, FIN, NULL, X-MAS and oddball packet stealth scans. Four new stealth scan operation modes have been added to greatly increase the power of this package.
  • PortSentry will react to a port scan attempt by blocking the host in real-time. This is done through configured options of either dropping the local route back to the attacker, using the Linux ipfwadm command, *BSD ipfw command, and/or dropping the attacker host IP into a TCP Wrappers hosts.deny file automatically.
  • PortSentry has an internal state engine to remember hosts that connected previously. This allows the setting of a trigger value to prevent false alarms and detect "random" port probing.
  • PortSentry will report all violations to the local or remote syslog daemons indicating the system name, time of attack, attacking host IP and the TCP or UDP port a connection attempt was made to. When used in conjunction with Logcheck it will provide an alert to administrators through e-mail.

tags | tool, remote, local, udp, tcp, intrusion detection
systems | linux, unix, bsd
MD5 | 57bf7e0caf99188018ef1ab6131faf4b
qps-1.6.2.tar.gz
Posted Aug 17, 1999
Authored by Mattias Engdegard

Qps is a visual process manager, an X11 version of "top" or "ps" that displays processes in a window and lets you sort and manipulate them. Qps can: change nice value of a process, alter the scheduling policy and soft realtime priority of a process, display the TCP/UDP sockets used by a process, and names of the connected hosts, display the memory mappings of the process (which files and shared libraries are loaded where), display the open files of a process, kill or send any other signal to selected processes, display the load average as a graph, and use this as its icon when iconified, show (as graph or numbers) current CPU, memory and swap usage, sort the process table on any attribute (size, cpu usage, owner etc), and does much, much more. UNIX domain sockets are visible in the Files table, SMP support. Very nice GUI. Requires Qt library 1.40 or later and Linux 2.0 or later, or Solaris 2.5.x.

tags | tool, udp, tcp, intrusion detection
systems | linux, unix, solaris
MD5 | 2ac9af439f59b480a69dac24ef2c1921
sfck.tar.gz
Posted Aug 17, 1999
Authored by Vision

Sfck is a program that locates file changes on your Linux system. It keeps a database which you can put on a read-only disk to make sure no changes take place from a hacker/intruder. When a file change is detected it mails root.

tags | tool, root, intrusion detection
systems | linux, unix
MD5 | 059733c5a98c11ca907f0160ee6b3a74
sniffer_detector.letter.ps.gz
Posted Aug 17, 1999

Whitepaper by IBM that discusses basic sniffer detector concepts. IBM Security ITS '98

tags | tool, intrusion detection
systems | unix
MD5 | fbd6dce44c2923f311cc985c2c8a600c
ywho-1.9.tar.gz
Posted Aug 17, 1999
Authored by Martin Mares

ywho v1.9 is a who-type utility displaying not only who is logged in, but also general system information and commands run by the users. Includes a rwhod replacement with central server, allowing user information to be gathered across routers.

tags | tool, intrusion detection
systems | unix
MD5 | 300aa7a26c3b763947633c12c7218b1f
bogon.c
Posted Aug 17, 1999
Authored by Richard W.M. Jones

Remote promiscuous ethernet detector.

tags | tool, remote, intrusion detection
systems | unix
MD5 | 3187a25e1c0e0ef31a65ce3dde0f252a
gogmagog-2.1.tar.gz
Posted Aug 17, 1999
Authored by C. Parisel

Unix systems integrity monitor used to ensure core resources are left unaltered on a given host. gogmagog is composed of highly configurable Bourne shell scripts that collect and analyze systems information, scanning for ANY irregularities or discrepancies. Designed with all major flavors of UNIX in mind. This version has a GogView GUI that makes it much easier to monitor multiple hosts.

tags | tool, shell, intrusion detection
systems | unix
MD5 | 16127b758ce2654bbf7ab501f1e7679b
grundschober_1998.letter.ps.gz
Posted Aug 17, 1999
Authored by Stephane Grundschober

Sniffer Detector Report, Diploma Thesis, June 1998.

tags | tool, intrusion detection
systems | unix
MD5 | 5ac207af8e5c5de735b4ae595fbbc7ca
icmp.tar.gz
Posted Aug 17, 1999
Authored by Stealth of KALUG

IMON is a powerful tool to monitor/analyze ICMP traffic on your LAN. With IMON you are able to analyze ICMP messages going through your network interface.

tags | tool, intrusion detection
systems | unix
MD5 | 40507b1604c5b53e75a9b502d6972865
nettest-0.9.tar.gz
Posted Aug 17, 1999
Authored by Rene Chaddock

Nettest is a program which monitors a network connection, and takes some action (either email, audible notification, syslog entries, or all of the above) if/when the connection goes down.

Changes: Supports multiple connections with separate parameters for each connection, automatically forks into background, and a few rcfile parameters have been changed.
tags | tool, intrusion detection
systems | unix
MD5 | f25b0854c8f01e502b83062598d19347
scanpromisc.c
Posted Aug 17, 1999
Authored by Savage of El Apostols

REMOTE promiscuous ethernet detector. For Red Hat 5.x.

tags | tool, remote, intrusion detection
systems | linux, redhat, unix
MD5 | 3e1436917e8949442a939c11a1534f96
watchdog-4.4.tar.gz
Posted Aug 17, 1999
Authored by Michael Meskes

watchdog is a daemon that monitors system processes and loads, and will automatically reboot a server if the load rises above a defined level. Very useful tool.

tags | tool, intrusion detection
systems | unix
MD5 | f23457989b776f6e1b1d32ea2ad667a5
wipl-990221.src.tar.gz
Posted Aug 17, 1999
Authored by Christian Worm Mortensen

The wipl program package is able to make statistics about which network cards transfer how much on a LAN segment or through certain routers or servers. The program package contains a daemon program which collects and processes the information for network monitoring and realtime statistics.

tags | tool, intrusion detection
systems | unix
MD5 | e2d5ebb43b3dc12e121b6fad6b56bb94
autobuse-snap917980385.tar.gz
Posted Aug 17, 1999
Authored by Grant Taylor

Autobuse is a log-monitoring program which automatically reports script-kiddie probes to whomever you like.

tags | tool, intrusion detection
systems | unix
MD5 | 4486077dd1baa32ebd9a84d3c5fea042
autobuse-snap918416038.tar.gz
Posted Aug 17, 1999
Authored by Grant Taylor

Autobuse - snapshot918416038 - Autobuse is a log-monitoring program which automatically reports script-kiddie probes to whomever you like.

tags | tool, intrusion detection
systems | unix
MD5 | a0ade06708a821c3a8ff8d7c64af4112
autobuse.lsm
Posted Aug 17, 1999

More detailed description of Autobuse.

tags | tool, intrusion detection
systems | unix
MD5 | 31e60b79f4dc14895f8b82b90a45c061
bsb-monitor-1.0.tar.gz
Posted Aug 17, 1999
Authored by Darko Krizic

BSB-Monitor is a very simple network monitor. It scans the network periodically and offers the result as an HTML page and an easily parseable status file.

tags | tool, intrusion detection
systems | unix
MD5 | 4cfd294d600b541f5d89171e25dfa85f
© 2016 Packet Storm. All rights reserved.