Section: .. / UNIX / IDS /
| /// File Name: |
dtk-1999-01-07.tar |
Description:
|
Deception Toolkit v1999-01-07 - DTK simply listens for inputs and provides responses that seem normal (i.e., full of bugs). In the process, it logs what is being done, provides sensible (if not quite perfect) answers, and lulls the attacker into a false sense of (your) insecurity. Has too many great features to list here, so check out The Deception Toolkit Home Page. DTK v1999-01-07 makes several minor improvements and contains some minor bugfixes.
| | Author: | Fred Cohen and Associates | | File Size: | 931840 | | Last Modified: | Aug 16 20:02:35 1999 |
| MD5 Checksum: | 4c0030b526823e9c992114353551fb32 |
|
| /// File Name: |
step.htm |
Description:
|
Eight Steps to A Working Intrusion Detection System - The SANS Institute. Preface and instructions for STEP package below.
| | File Size: | 60436 | | Last Modified: | Aug 16 20:02:35 1999 |
| MD5 Checksum: | c880c48f3099b3cb999cf34e2e224ffd |
|
| /// File Name: |
tripwire-1.30-1.linux.tar.gz |
Description:
|
Tripwire v1.30-1 for Linux - Tripwire detects any variance in file integrity. This version has been "optimized" for Linux.
| | Author: | Tripwire Security Systems | | File Size: | 303968 | | Last Modified: | Aug 16 20:02:35 1999 |
| MD5 Checksum: | fd3374db2ba26fe11428e5fac3a98cfa |
|
| /// File Name: |
watchdog-4.2.tar.gz |
Description:
|
watchdog is a daemon that monitors systems processes and loads, and will automatically reboot a server if the load rises above a defined level. Very useful tool. 98k.
| | Author: | Michael Meskes | | File Size: | 100539 | | Last Modified: | Aug 16 20:02:35 1999 |
| MD5 Checksum: | 2b8061871a0f1dbd24967c975b66b8ff |
|
| /// File Name: |
clobberd-4.3-1.tar.bz2 |
Description:
|
User/Resource Monitor. Used to keep tabs on users.
| | Author: | Jason Nunn | | File Size: | 36426 | | Last Modified: | Aug 16 20:02:34 1999 |
| MD5 Checksum: | 042a2b284c49537a75b6fa2d1d7e32a0 |
|
| /// File Name: |
dtk-0.9.tar |
Description:
|
The Deception ToolKit (DTK) is a toolkit designed to give defenders a couple of orders of magnitude advantage over attackers. We use deception to counter attacks. In the case of DTK, the deception is intended to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities. DTK's deception is programmable, but it is typically limited to producing output in response to attacker input in such a way as to simulate the behavior of a system which is vulnerable to the attackers method. V0.9 introduces the fake operating system name to the configure file and appropriate changes to deceptions to include this deception throughout the distribution. It also does automatic configuration of the secure Web server (thttpd) and generic.c and support for SCO Unix. 1.1MB.
| | Author: | Fred Cohen and Associates | | File Size: | 1105920 | | Last Modified: | Aug 16 20:02:34 1999 |
| MD5 Checksum: | f10ae74d52935f3aec9f9e30a8aff8f0 |
|
| /// File Name: |
instmon-1.3.tar.gz |
Description:
|
instmon v1.3 - instmon is a shell script that monitors installations and detects the files that were added or modified.
| | Author: | Vasilis Vasaitis | | File Size: | 13856 | | Last Modified: | Aug 16 20:02:34 1999 |
| MD5 Checksum: | 0b27b1ae6f11656b9332449453696aca |
|
| /// File Name: |
nannie-1.0.tar.gz |
Description:
|
Nannie's basic purpose is to watch system files that should not be changed, at least in theory. It monitors them for change in inode, size, etc notifies you if a change occurs. New features: completely rewritten, now logs to syslog instead of sending email, can handle a directory in nannie.cfg (will parse all files in directory), MUCH more error checking.
| | Author: | Cole Tuininga | | File Size: | 3826 | | Last Modified: | Aug 16 20:02:34 1999 |
| MD5 Checksum: | 9c0d3f60742929b511debecaf53fd162 |
|
| /// File Name: |
qps-1.5.tar.gz |
Description:
|
Qps v1.5 - Qps is a visual process manager, an X11 version of "top" or "ps" that displays processes in a window and lets you sort and manipulate them. Qps can: change nice value of a process, alter the scheduling policy and soft realtime priority of a process, display the TCP/UDP sockets used by a process, and names of the connected hosts, display the memory mappings of the process (which files and shared libraries are loaded where), display the open files of a process, kill or send any other signal to selected processes, display the load average as a graph, and use this as its icon when iconified, show (as graph or numbers) current CPU, memory and swap usage, sort the process table on any attribute (size, cpu usage, owner etc), and does much, much more. UNIX domain sockets are visible in the Files table, SMP support. Very nice GUI. Requires Qt library 1.40 or later and Linux 2.0 or later, or Solaris 2.5.x.
| | Author: | Mattias Engdegard | | File Size: | 142111 | | Last Modified: | Aug 16 20:02:34 1999 |
| MD5 Checksum: | 7d996affc86ab73df89fcf6f0727c062 |
|
| /// File Name: |
wipl-990104.src.tar.gz |
Description:
|
wipl v990104 - The wipl program package is able to make statistics about which network cards transfer how much on a LAN segment or through certain routers or servers. The program package contains a daemon program which collects and processes the information for network monitoring and realtime statistics.
| | Author: | Christian Worm Mortensen | | File Size: | 52593 | | Last Modified: | Aug 16 20:02:34 1999 |
| MD5 Checksum: | c488800ffe2c4661034a30f2656f3e05 |
|
| /// File Name: |
dtk-0.8.tar |
Description:
|
Deception Toolkit v0.8 - Too many new improvements and code optimizations in this release to list. Just get it.
| | File Size: | 860160 | | Last Modified: | Aug 16 20:02:33 1999 |
| MD5 Checksum: | 9f25ae3c734677990ea21754354541c5 |
|
| /// File Name: |
gogmagog-2.tar.gz |
Description:
|
Unix systems integrity monitor used to ensure core resources are left unaltered on a given host. gogmagog is composed of highly configurable Bourne shell scripts that collect and analyze systems information, scanning for ANY irregularities or discrepancies. Designed with all major flavors of UNIX in mind. This version has a GogView GUI that makes it much easier to monitor multiple hosts.
| | Author: | C. Parisel | | File Size: | 12342 | | Last Modified: | Aug 16 20:02:33 1999 |
| MD5 Checksum: | 928bfc3edd38b1e18d4863a7e36d8cbe |
|
| /// File Name: |
l0pht-nfr.tar.gz |
Description:
|
"The L0pht NFR Intrusion Detection System modules have been updated to cover some of the latest popular network attacks. Featured prominently in the update is a Back Orifice detection module which, we believe, is better than anything else on the market. Better than ISS's RealSecure BO detection as well as that of stand alone BO detectors that cost upwards of $5000. Do your network a favor and download our IDS modules (which are FREE) and NFR which is free for internal, non-commercial use."
| | Author: | L0pht Heavy Industries | | File Size: | 15145 | | Last Modified: | Aug 16 20:02:33 1999 |
| MD5 Checksum: | 9f052542d9d63ce7e1c23a07113a436a |
|
| /// File Name: |
nannie-0.9.tar.gz |
Description:
|
Nannie's basic purpose is to watch system files that should not be changed, at least in theory. It monitors them for change in inode, size, etc notifies you if a change occurs.
| | Author: | Cole Tuininga | | File Size: | 3014 | | Last Modified: | Aug 16 20:02:33 1999 |
| MD5 Checksum: | 525a3abec51832be1e49aa54a828023f |
|
| /// File Name: |
syn.pl |
Description:
|
tcpdump script which detects network activity - designed specifically to detect new "stealth and undetectable" nmap v2.00-2.01 scans (TCP, SYN, FIN, Frag, Xmas, Null, and UDP, etc...).
| | Author: | Programmaton | | File Size: | 3776 | | Last Modified: | Aug 16 20:02:33 1999 |
| MD5 Checksum: | 1b643bc7c0fd8a37b6e0de3b3d27cadf |
|
| /// File Name: |
autostatus-1.1.tar.gz |
Description:
|
autostatus is yet another network monitoring program. Easy to use and configure, fast and efficient. It exploits maximum parallelism during its checking to speed up monitoring.
| | Author: | Dave Andersen | | File Size: | 24943 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 134f76a43a3f0397f856250dd9e8e900 |
|
| /// File Name: |
gogmagog-1.tar.gz |
Description:
|
UNIX systems integrity monitor - highly configurable Bourne shell scripts that collect and analyze systems information, scanning for ANY irregularities or discrepancies. Designed with all major flavors of UNIX in mind.
| | Author: | cparisel[at]hotmail.com | | File Size: | 5934 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 73a163942b986ae4d0d09d0dfd47410b |
|
| /// File Name: |
hum-A-summer98.tar.gz |
Description:
|
See above.
| | File Size: | 1666155 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 812a7853f61938018b11b18efbd471c2 |
|
| /// File Name: |
ifstatus2.2.tar.gz |
Description:
|
Ifstatus checks all network interfaces on the system, and reports any that are in debug or promiscuous mode, which may be a sign of unauthorized access to the system.
| | Author: | David A. Curry | | File Size: | 12295 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 3da19339275d0f06fb48620f79ef6499 |
|
| /// File Name: |
instmon-1.2.tar.gz |
Description:
|
instmon is a shell script that monitors installations and detects the files that were added or modified. It can be very helpful for packages that only come in source form. It can be used by system administrators and simple users alike. instmon home page
| | File Size: | 12330 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 81be9cb76ff83503f46dedd5c0b127bc |
|
| /// File Name: |
logscanner-1.0.tar.gz |
Description:
|
Log Scanner is an email sending, pager beeping (eventually), module using, log parsing, perl script. Log Scanner web site
| | File Size: | 14496 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 98a42272091f9f695d490c38ec368e39 |
|
| /// File Name: |
ncsfck.tar.gz |
Description:
|
NCSfck v1.2.0 - NCSFCK creates a database of important files like "/bin/login". Run as a cronjob for maximum effectiveness. Monitors for backdoor(s) and other trojan(s). web site
| | File Size: | 3171 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | ec3abf28c3eee9a81bd0992522d88c41 |
|
| /// File Name: |
nfr-mod.tar.gz |
Description:
|
L0pht NFR IDS Modules - examples of how to implement IDS functionality with NFR.
| | Author: | L0pht Heavy Industries. Get your copy of Network Flight Recorder at Network Flight Recorder | | File Size: | 9401 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 6514c6939333a8350738a4aff6d2a4e7 |
|
| /// File Name: |
hum-A-101898.tar.gz |
Description:
|
See above.
| | File Size: | 1658435 | | Last Modified: | Aug 16 20:02:31 1999 |
| MD5 Checksum: | 2f1090e6c66b0c4ca32eab75e11f32bf |
|
| /// File Name: |
hum-A-0.2.1.tar.gz |
Description:
|
HummingBird is a distributed component for any Intrusion Detection System. Features: Share security information with any Internet host, Powerful search-able database of security relevant data, Easy to use data visualization, Detects light but network wide attacks, Keeps historical data of system status, Hosts can be organized in a hierarchy for better management and information flow, Java interface for alert messages.
| | Author: | HummingBird Project | | File Size: | 1272895 | | Last Modified: | Aug 16 20:02:30 1999 |
| MD5 Checksum: | 832b9e63563cb0688313e10812d66ba5 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
