Section: .. / UNIX / IDS /
| /// File Name: |
flister.zip |
Description:
|
FLISTER is a proof-of-concept code for detecting files hidden by both usermode and kernelmode Windows rootkits. It exploits the bugs in handling ZwQueryDirectoryFile() calls with ReturnSingleEntry set to TRUE. Flister works on Windows 2000, XP and 2003.
| | Author: | joanna | | Homepage: | http://www.invisiblethings.org | | File Size: | 16083 | | Last Modified: | Feb 24 06:01:37 2005 |
| MD5 Checksum: | e54c133c50a5b1a45c482def06ac83e8 |
|
| /// File Name: |
icmp-0.9.tar.gz |
Description:
|
IMON v0.9b is a powerful tool to monitor/analyze ICMP traffic on your LAN (includes LOKI backdoor detection).
| | Author: | Stealth. | | File Size: | 15950 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | 7c82926086a0c749ec83bf5f3e33dfb6 |
|
| /// File Name: |
bubblegum-1.0.tar.gz |
Description:
|
Bubblegum is a daemon written in C which watches a file's access, modification, and inode change times, logging the changes. It can run an external command, read files from a filelist, and more.
| | Homepage: | http://cyclic.sourceforge.net/bubblegum | | Changes: | A fix for a Linux compile problem, syslogd support, and a couple of other bugfixes. | | File Size: | 15752 | | Last Modified: | Mar 8 01:48:57 2002 |
| MD5 Checksum: | 1389a0c513dd703700de51cd7301a084 |
|
| /// File Name: |
instmon-1.5.tar.gz |
Description:
|
instmon is a shell script that monitors installations and detects the files that were added or modified.
| | Author: | Vasilis Vasaitis. | | Changes: | Slightly changed the default search list (added /var/lib) and the default exclude list (added /root); instmon now uses $TMPDIR when set; Comparisons between version numbers are now done in a different way, which is more correct for the UN*X world; Fixed to work with RPM >= 2.5.0; Empty directories are now removed even more aggressively; Things are becoming complicated, so the awk command is now required, and instmon has to store some helper scripts (currently one) in /usr/local/lib/instmon. | | File Size: | 15539 | | Last Modified: | Aug 16 20:02:44 1999 |
| MD5 Checksum: | 84857431c0daee01c59e1231e2340712 |
|
| /// File Name: |
nettest-0.9.tar.gz |
Description:
|
Nettest is a program which monitors a network connection, and takes some action (either email, audible notification, syslog entries, or all of the above) if/when the connection goes down.
| | Author: | Rene Chaddock. | | Changes: | Supports multiple connections with separate parameters for each connection, automatically forks into background, and a few rcfile parameters have been changed. | | File Size: | 15303 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | f25b0854c8f01e502b83062598d19347 |
|
| /// File Name: |
pmids-1.6.tar.gz |
Description:
|
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found.
| | Author: | Redox | | Homepage: | http://autosec.sourceforge.net | | Changes: | A GPG bug and grabbing of md5 sigs from the website have been repaired. | | File Size: | 15177 | | Last Modified: | Oct 1 00:28:27 2002 |
| MD5 Checksum: | fccdd4b8ac766c1fe16c97e4125afb0f |
|
| /// File Name: |
l0pht-nfr.tar.gz |
Description:
|
"The L0pht NFR Intrusion Detection System modules have been updated to cover some of the latest popular network attacks. Featured prominently in the update is a Back Orifice detection module which, we believe, is better than anything else on the market. Better than ISS's RealSecure BO detection as well as that of stand alone BO detectors that cost upwards of $5000. Do your network a favor and download our IDS modules (which are FREE) and NFR which is free for internal, non-commercial use."
| | Author: | L0pht Heavy Industries | | File Size: | 15145 | | Last Modified: | Aug 16 20:02:33 1999 |
| MD5 Checksum: | 9f052542d9d63ce7e1c23a07113a436a |
|
| /// File Name: |
websec10.tar.gz |
Description:
|
Web Secretary is a web page monitoring software.
| | Author: | Homemade Software. | | File Size: | 14838 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | 1dac964b9d4f9cae2d6ff2b662c42258 |
|
| /// File Name: |
twpatch-0.2.tgz |
Description:
|
Patches to run Tripwire 1.2 on Linux. Tripwire 1.2.
| | Author: | CERIAS/COAST. | | File Size: | 14833 | | Last Modified: | Aug 16 20:02:28 1999 |
| MD5 Checksum: | 28f0fa2f8a0ce91fc830e4ac66d058f8 |
|
| /// File Name: |
pmids-1.5.tar.gz |
Description:
|
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found.
| | Author: | Redox | | Homepage: | http://autosec.sourceforge.net | | Changes: | Bug fixes and some cool improvements. | | File Size: | 14746 | | Last Modified: | Aug 30 01:58:32 2002 |
| MD5 Checksum: | bd319ae6afaabd837ee24d4c0c4fa04d |
|
| /// File Name: |
instmon-1.4.tar.gz |
Description:
|
instmon v1.4 - instmon is a shell script that monitors installations and detects the files that were added or modified.
| | Author: | Vasilis Vasaitis. | | File Size: | 14598 | | Last Modified: | Aug 16 20:02:37 1999 |
| MD5 Checksum: | 4d34efd29c813828f938a771eacd8a1b |
|
| /// File Name: |
logscanner-1.0.tar.gz |
Description:
|
Log Scanner is an email sending, pager beeping (eventually), module using, log parsing, perl script. Log Scanner web site.
| | File Size: | 14496 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 98a42272091f9f695d490c38ec368e39 |
|
| /// File Name: |
gogmagog-3.tar.gz |
Description:
|
GogMagog is a multiplatform sysadmin tool for monitoring the integrity of network-wide systems. Communication between the Magog server (ideally a PC running Linux) and the Gog hosts relies on FTP only, so it is pretty network architecture independant. Sysadmins monitor their machines at a glance, through a very simple WWW graphical interface on the server.
| | Author: | C.Parisel. | | File Size: | 13936 | | Last Modified: | Aug 16 20:02:42 1999 |
| MD5 Checksum: | 8ef23b61a15ccdbe831cb688278deedd |
|
| /// File Name: |
logcolorise-1.0.7.tar.gz |
Description:
|
Logcolorise is a PERL script to make your syslog generated log files much more legible by colourising them (context highlighting based on keywords).
| | Author: | Mike Babcock | | File Size: | 13898 | | Last Modified: | Oct 26 15:13:11 1999 |
| MD5 Checksum: | fa493ff21eff0f5ee3991ca3e122d6c6 |
|
| /// File Name: |
nettest0.8.tar.gz |
Description:
|
nettest v0.8 - Nettest is a program that monitors a network connection, and takes some action (either email, audible notification, syslog entries, or all of the above) if/when the connection goes down. 14k.
| | Author: | Rene Chaddock. | | File Size: | 13869 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | ad45289c085069ac61134c81d7d235cd |
|
| /// File Name: |
instmon-1.3.tar.gz |
Description:
|
instmon v1.3 - instmon is a shell script that monitors installations and detects the files that were added or modified.
| | Author: | Vasilis Vasaitis. | | File Size: | 13856 | | Last Modified: | Aug 16 20:02:34 1999 |
| MD5 Checksum: | 0b27b1ae6f11656b9332449453696aca |
|
| /// File Name: |
darc-0.2.tgz |
Description:
|
Darc is a utility for managing large Aide installations in heterogeneous environments. It eliminates the need to maintain read-only media on every system, and provides unified reporting on filesystem changes across all machines.
| | Author: | Jacob Martinson | | Homepage: | http://www.info234.com/~jmartinson/darc.html | | File Size: | 13830 | | Last Modified: | Aug 14 18:21:46 2005 |
| MD5 Checksum: | d889f51c71280ea7a1829799379e58c9 |
|
| /// File Name: |
nettest0.81.tar.gz |
Description:
|
nettest v0.81 - Nettest is a program that monitors a network connection, and takes some action (either email, audible notification, syslog entries, or all of the above) if/when the connection goes down.
| | Author: | Rene Chaddock. | | File Size: | 13777 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | 235ad0c2475342fffb59015b8388f28c |
|
| /// File Name: |
icmpinfo-1.11.tar.gz |
Description:
|
Tracks ICMP packets, allowing you to proactively watch for suspicious behaviour, mainly ICMP unreachables.
| | File Size: | 13712 | | Last Modified: | Aug 16 20:03:15 1999 |
| MD5 Checksum: | 65c3acdf2f87f9ab9aa1a055d76f8976 |
|
| /// File Name: |
shoneypot-0.2-3.tar.gz |
Description:
|
Single Honeypot simulates many services - SMTP, HTTP, shell, and FTP. It can pretend to be many OS's, such as Windows FTP systems, Windows SMTP systems, different Linux distributions, and some Posix distributions.
| | Homepage: | http://sourceforge.net/projects/single-honeypot | | Changes: | Pop3 target added and commands of the SMTP target have been added and modified. | | File Size: | 13302 | | Last Modified: | Sep 20 12:04:59 2002 |
| MD5 Checksum: | d449ea1d6be95ffea39501e2f044361e |
|
| /// File Name: |
overcr-1.49.02.tar.gz |
Description:
|
OverCR 1.49.02 - OverCR is a remote systems monitoring tool that utilizes a simple language for queries. It is designed as a GPL'd program similar to the popular (and non-GPL) Big Brother Monitoring system.
| | Author: | Eric Molitor. | | Changes: | Configuration file support completed, minor documentation fixes, minor cleaning and formating of source. | | File Size: | 13185 | | Last Modified: | Aug 16 20:02:42 1999 |
| MD5 Checksum: | 6ae461e9e01a97b6e47695f87462fd1b |
|
| /// File Name: |
nabou-1.2.tar.gz |
Description:
|
nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
| | Author: | Thomas Linden | | Homepage: | http://www.0x49.org/nabou/ | | File Size: | 12991 | | Last Modified: | Aug 7 14:58:59 2000 |
| MD5 Checksum: | 98aac6f969c6ffe61a5e4618e2a644a4 |
|
| /// File Name: |
overcr-1.49.01.tar.gz |
Description:
|
OverCR 1.49.01 - OverCR is a simple system monitoring tool that utilizes a simple language for queries. It is designed as a GPL'd program similar to the popular (and non-GPL) Big Brother Monitoring system.
| | Author: | Eric Molitor. | | Changes: | First 1.50 beta featuring new config file based configuration. "System Monitoring is an important and expensive task. Fortunately free tools such as Big Brother have become available. Unfortunately these tools are not free in the GNU sense. In addition the shell script format of Big Brother leaves something to be desired in my opinion. Therefore I've started writing Over-CR, a GPL Network Monitoring software."--Eric Molitor | | File Size: | 12948 | | Last Modified: | Aug 16 20:02:41 1999 |
| MD5 Checksum: | a68cee6f17be4e0806ee23797f112899 |
|
| /// File Name: |
icmp.tar.gz |
Description:
|
IMON is a powerful tool to monitor/analyze ICMP traffic on your LAN. With IMON you are able to analyze ICMP messages going through your network interface.
| | Author: | Stealth of KALUG. | | File Size: | 12876 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | 40507b1604c5b53e75a9b502d6972865 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
