Section: .. / UNIX / IDS /
/// File Name: portsentry-1.0.tar.gz
Description: PortSentry is part of the Abacus Project suite of security tools. It is a program designed to detect and respond to port scans against a target host in real-time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time blocking and reporting of violations.
Author: Craig Rowland
Homepage: http://www.psionic.com/abacus/portsentry/
Changes: Correct ignoring of hosts, and a Y2K fix for log file output, using a four-digit year. This doesn't affect PortSentry, but may affect programs that look at the log files it generates.
File Size: 43034
Last Modified: Dec 2 14:59:02 1999
MD5 Checksum: d2d29e614f1604bd62a23e33d7a7564f

/// File Name: SnmpMonitorEx-1.0.1.tar.gz
Description: Safely monitor SNMP variables on the net. If there are changes, you can get a message on your cellular, by mail or on screen. Requires Scotty and Tcl/Tk.
File Size: 42929
Last Modified: Aug 16 20:02:21 1999
MD5 Checksum: ef1457bcc056e25307efe5361fd4e453

/// File Name: sid-0.3.4.tar.gz
Description: SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
Author: belpo
Homepage: http://sid.sourceforge.net
Changes: Various updates.
File Size: 41665
Last Modified: Apr 20 08:02:00 2004
MD5 Checksum: 56b27dbe49befdd875de879144c968c0

/// File Name: nodewatch-1.6.tar.gz
Description: NodeWatch is an open source TCP/IP network monitoring tool written in Perl for UNIX.
File Size: 41583
Last Modified: Aug 16 20:02:16 1999
MD5 Checksum: d8c67cc9a35db752fa3233130a4e3fee

/// File Name: traffic-vis-0.30.tar.gz
Description: traffic-vis v0.30 - traffic-vis is a network monitoring/auditing tool that can plot communications between hosts on a TCP/IP network, and quickly answer questions such as "Who is saturating your Internet link?" This version is a major rewrite, splitting the program up into several smaller tools. 40k.
Author: Damien Miller
File Size: 41222
Last Modified: Aug 16 20:02:38 1999
MD5 Checksum: ded93d0ff3b59bf70abac936e748e45e

/// File Name: sid-0.3.3.tar.gz
Description: SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
Author: belpo
Homepage: http://sid.sourceforge.net
File Size: 41017
Last Modified: Apr 10 12:06:00 2004
MD5 Checksum: cec3a3f4fec35389049ac63d4df66efe

/// File Name: trojan.tar
Description: trojan.tar
File Size: 40960
Last Modified: Aug 16 20:02:16 1999
MD5 Checksum: a4b1af99be48ba2399825512f78a2185

/// File Name: portsentry-0.90.tar.gz
Description: PortSentry 0.90 - PortSentry is part of the Abacus Project suite of security tools. It is a program designed to detect and respond to port scans against a target host in real-time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time blocking and reporting of violations.
Author: Craig Rowland
Changes: Renamed from Abacus Sentry to PortSentry, lots of internal code clean up and optimizations, docs updated, and it now works under Solaris, Linux, BSD variants and others. portsentry.sample.txt.
File Size: 37936
Last Modified: Aug 16 20:02:46 1999
MD5 Checksum: 80eead64b3d6efb10748b80ecec0f54a

/// File Name: sid-0.3.tar.gz
Description: SID is a Shell Intrusion Detection system. The kernel part plugs into a terminal-processing subsystem and logs hashed terminal lines. The user part reads log entries (hashes), consults a list of allowed entries, and takes appropriate action upon unexpected log entries. Currently supported are Solaris and Linux.
Author: belpo
Homepage: http://sid.sourceforge.net
File Size: 37889
Last Modified: Feb 22 21:52:00 2004
MD5 Checksum: f1edd0767a8217958f1048b4aeb66fd3

/// File Name: bh-0.8.6.tgz
Description: Beholder is a wireless intrusion detection tool that looks for anomalies in a wifi environment.
Author: Nelson Murilo
Homepage: http://www.beholderwireless.org/
File Size: 37682
Last Modified: Aug 20 03:19:46 2008
MD5 Checksum: 65eaed3776355063d4cd9131f1515a07

/// File Name: logwatch-1.6.6.tar.gz
Description: LogWatch 1.6.6 is a customizable, pluggable log-monitoring system that analyzes and reports on system logs. It will go through your logs for a given period of time and make a report in the areas that you wish with the detail that you wish. Easy to use - works right out of the package on almost all systems. Now analyzes samba logs.
Author: Kirk Bauer
Changes: Fewer unmatched entries in the 'secure' service, ftp-messages module prettier, name lookups now optional for the named module, added and improved ProFTPd module, much more.
File Size: 36751
Last Modified: Aug 16 20:02:46 1999
MD5 Checksum: e9c686de214ded15c89216fae1c21094

/// File Name: clobberd-4.3-1.tar.bz2
Description: User/Resource Monitor. Used to keep tabs on users.
Author: Jason Nunn
File Size: 36426
Last Modified: Aug 16 20:02:34 1999
MD5 Checksum: 042a2b284c49537a75b6fa2d1d7e32a0

/// File Name: logwatch-2.7.tar.gz
Description: Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
Homepage: http://www.logwatch.org
Changes: If you are running v2.4 or below it is imperative that you upgrade! This version supports multiple copies of the same command (such as *remove) in config files, no longer requires an = sign when no arguments are given, and adds some more filtering.
File Size: 35965
Last Modified: Apr 6 02:32:09 2002
MD5 Checksum: c193360765959f2b6126dee663f3e207

/// File Name: ICU-0.1.tar.gz
Description: ICU (Integrity Checking Utility) is a Perl program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH. This version is still under development.
Homepage: http://nitzer.dhs.org/ICU/ICU.html
File Size: 35881
Last Modified: Dec 8 03:21:55 2000
MD5 Checksum: ed1e20bda4f0c0ba76e78556712282b9

/// File Name: portsentry-0.61.tar.gz
Description: PortSentry v0.61beta is part of the Abacus Project suite of security tools. It is a program designed to detect and respond to port scans against a target host in real-time. There are other port scan detectors that perform similar detection of scans, but PortSentry has some unique features that may make it worth looking into:
- Runs on TCP and UDP sockets to detect port scans against your system. PortSentry is configurable to run on multiple sockets at the same time so you only need to start one copy to cover dozens of tripwired services.
- Stealth scan detection (Linux only right now). PortSentry will now detect SYN/half-open, FIN, NULL, X-MAS and oddball packet stealth scans. Four new stealth scan operation modes have been added to greatly increase the power of this package.
- PortSentry will react to a port scan attempt by blocking the host in real-time. This is done through configured options of either dropping the local route back to the attacker, using the Linux ipfwadm command, *BSD ipfw command, and/or dropping the attacker host IP into a TCP Wrappers hosts.deny file automatically.
- PortSentry has an internal state engine to remember hosts that connected previously. This allows the setting of a trigger value to prevent false alarms and detect "random" port probing.
- PortSentry will report all violations to the local or remote syslog daemons indicating the system name, time of attack, attacking host IP and the TCP or UDP port a connection attempt was made to. When used in conjunction with Logcheck it will provide an alert to administrators through e-mail.
Author: Craig H. Rowland
File Size: 34968
Last Modified: Aug 16 20:02:40 1999
MD5 Checksum: 57bf7e0caf99188018ef1ab6131faf4b

/// File Name: logwatch-1.6.4.tar.gz
Description: LogWatch is a customizable, pluggable log-monitoring system. Easy to use and highly configurable. Now analyzes samba logs!
File Size: 34628
Last Modified: Aug 16 20:02:37 1999
MD5 Checksum: efba2db1b27075be80395858ce1ea883

/// File Name: nabou-1.5.tar.gz
Description: nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
Author: Thomas Linden
Homepage: http://www.0x49.org/nabou/
Changes: This release includes many bugfixes, database encryption support, process monitoring capabilities, and some more output options.
File Size: 34553
Last Modified: Sep 12 17:58:40 2000
MD5 Checksum: c84b8d6df7348aec42e97cdb36ace23a

/// File Name: monitord-4.0beta.tar.gz
Description: The Network Security Monitor Daemon is a lightweight (distributed?) network security monitor for TCP/IP LANs which will capture certain network events and record them in a relational database. The recorded data is then made available for analysis via a CGI-based interface.
Homepage: http://sourceforge.net/projects/monitord
Changes: Improved security - no threads run as root. Added a new statistical thread and an HTTP server thread (which serves statistics in XML/XSL).
File Size: 34185
Last Modified: Dec 18 01:02:29 2001
MD5 Checksum: ce6dfe55f8de34afa03e3e5d51685b7a

/// File Name: logwatch-1.6.3.tar.gz
Description: LogWatch is a customizable, pluggable log-monitoring system. Easy to use and highly configurable. Now analyzes samba logs!
File Size: 34163
Last Modified: Aug 16 20:02:37 1999
MD5 Checksum: 471214d809eeccee70f4515e70e593fe

/// File Name: hostsentry-0.02.tar.gz
Description: HostSentry v0.02 is a host based intrusion detection tool that performs Login Anomaly Detection (LAD), and is the most recent addition to the Abacus Project suite of security tools. This tool allows administrators to spot strange login behavior and quickly respond to compromised accounts and unusual behavior. HostSentry incorporates a dynamic database and actually "learns" the user login behavior. This behavior is then utilized by modular signatures to detect unusual events. Specifically, HostSentry monitors system login accounting records in real-time (wtmp/utmp). These records are used to build a dynamic database of active users and run a series of signature modules during the login and logout phases. The signature modules are pluggable and easily activated or deactivated by the admin. An example wrapper is included to allow administrators to add new signatures. The current list of signatures includes:
- moduleLoginLogout - Generic audit trail of all user logins and logouts.
- moduleFirstLogin - Alerts administrators if this user is logging in for the first time.
- moduleForeignDomain - A login was detected from a domain not listed in the allowed domains file.
- moduleRhostCheck - A user's .rhosts file contains a wildcard or other dangerous modification.
- moduleHistoryTruncated - A user's .history file is missing, truncated to zero bytes, or symlinked (i.e. to /dev/null).
- moduleOddDirnames - A user's directory contains suspicious directory names on logout (" ..", "...", etc.).
- moduleMultipleLogins - A single username has multiple concurrent logins from different domains.
- moduleOddLoginTime - A user is logging in at an odd hour for their usage pattern (not implemented yet).
- moduleInvalidUtmp - A corresponding utmp/wtmp entry for this login cannot be found (entry possibly removed) (not implemented yet).
- moduleHistorySuspicious - The user's history file contains suspicious commands (not implemented yet).
- moduleNetworkDaemon - The user logged out but left a listening network socket operating (private web server, IRC bot, etc.) (not implemented yet).
- moduleFileExists - A file was found in the user's directory that is listed in the banned/monitored list of the site (not implemented yet).
First release.
Author: Craig H. Rowland
File Size: 33983
Last Modified: Aug 16 20:02:40 1999
MD5 Checksum: 3de0bbb7d456bb53683de56dfdf98362

/// File Name: logwatch-1.6.1.tar.gz
Description: logwatch v1.6.1 - Analysis of and report on system logs - LogWatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and make a report in the areas that you wish with the detail that you wish. Easy to use - works right out of the package on almost all systems. Now analyzes samba logs!
Author: Kirk Bauer
File Size: 33968
Last Modified: Aug 16 20:02:37 1999
MD5 Checksum: 6b08bbbe752310b702d3cd8e97ed8800

/// File Name: logwatch-1.5.1.tar.gz
Description: LogWatch is a customizable, pluggable log-monitoring system. Easy to use and highly configurable. Now analyzes samba logs!
File Size: 33556
Last Modified: Aug 16 20:02:18 1999
MD5 Checksum: 04b491c5f2beb7fd1154eb347df1c972

/// File Name: logwatch-1.5.0.tar.gz
Description: LogWatch is a customizable, pluggable log-monitoring system. Easy to use and highly configurable. Now analyzes samba logs!
File Size: 33543
Last Modified: Aug 16 20:02:17 1999
MD5 Checksum: 22ab55f71b4a44448d28a8868467b310

/// File Name: FCheck_2.07.54.tar.gz
Description: FCheck is a very stable Perl script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done very frequently if a system's drive space is small enough, making it more difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
Author: Michael A. Gumienny
Homepage: http://sites.netscape.net/fcheck/fcheck.html
Changes: The output was streamlined to display only details of what has changed. Individual file checking was added, along with checking of UID, GID, and major/minor numbers of special files. The database is now maintained in one file, allowing easier support of distributed systems.
File Size: 32492
Last Modified: Nov 15 00:32:29 2000
MD5 Checksum: bdbe23a165ef4d8b99689d01a264bb2e

/// File Name: monitord-3.5beta.tar.gz
Description: The Network Security Monitor Daemon is a lightweight network security monitor for TCP/IP LANs which will capture certain network events and record them in a relational database. The recorded data is then made available for analysis via a CGI-based interface.
Homepage: http://sourceforge.net/projects/monitord
File Size: 32437
Last Modified: Feb 8 18:26:38 2001
MD5 Checksum: 20a7943b800f42d9b43dc7611a2d243d
