Section: .. / UNIX / IDS /
| /// File Name: |
honeyd-0.5.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Bug fixes and improvements. | | File Size: | 272149 | | Last Modified: | Apr 15 04:29:12 2003 |
| MD5 Checksum: | 3aec5101f44ef21b29c213496d92c1c1 |
|
| /// File Name: |
integrit-4.1.tar.gz |
Description:
|
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
| | Homepage: | http://integrit.sourceforge.net | | Changes: | Fixed exit status, considering missing files correctly as a change. | | File Size: | 271626 | | Last Modified: | Jun 6 18:30:51 2007 |
| MD5 Checksum: | f51a5b558981a5d90e7d6f4e7e269a46 |
|
| /// File Name: |
puresecure-1.6-personal.tar.gz |
Description:
|
Demarc PureSecure is a tool that combines all major aspects of network security into a centralized location. It integrates Network Intrusion Detection using the Snort IDS engine with host-based System Integrity Verification and a distributed plugin-based Extensible Service Monitoring system. Screenshots available here.
| | Homepage: | http://www.demarc.com | | Changes: | Numerous and significant changes made to the current features, and the addition of many more. Lots of bugs were fixed. | | File Size: | 268790 | | Last Modified: | Apr 24 22:28:01 2002 |
| MD5 Checksum: | d608f583c21814c00e80c5f12b82f11d |
|
| /// File Name: |
aide-0.11.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | Various bug fixes. | | File Size: | 266978 | | Last Modified: | Feb 25 21:08:59 2006 |
| MD5 Checksum: | 9a44e5386b0355ef57c60f627ff4d085 |
|
| /// File Name: |
radmind-0.9.2.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | User support has been added to the server with PAM, and there is a new version of libsnet. Bugs were fixed. | | File Size: | 266349 | | Last Modified: | Dec 18 12:13:05 2002 |
| MD5 Checksum: | c2ecfdba298bb324f4196ef5d063ba9c |
|
| /// File Name: |
integrit-4.0.tar.gz |
Description:
|
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
| | Homepage: | http://integrit.sourceforge.net | | Changes: | Updated output format for "new" file checksums to match "removed". | | File Size: | 266001 | | Last Modified: | Aug 17 02:26:02 2006 |
| MD5 Checksum: | 2f6a7e28e48b0cbc8214648e3224703b |
|
| /// File Name: |
integrit-3.05.tar.gz |
Description:
|
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
| | Homepage: | http://integrit.sourceforge.net | | Changes: | Documented Chris Johns changes and updated Makefile targets for developers. | | File Size: | 262784 | | Last Modified: | Sep 22 03:22:14 2005 |
| MD5 Checksum: | a251a27f6b815e51c356cf81e8f2dc5e |
|
| /// File Name: |
tcpreplay-1.0.1.tar.gz |
Description:
|
Tcprelay v1.0.1 - Tcpreplay is aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn't exercise the application/protocol inspection that a NIDS performs, and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.
| | File Size: | 252686 | | Last Modified: | Sep 23 01:36:39 1999 |
| MD5 Checksum: | 4b9335761e9202abfc175c06b169e991 |
|
| /// File Name: |
review-1.5.tar.gz |
Description:
|
review-1.5.tar.gz
| | File Size: | 251932 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | 9c76f06e2eff65cf2c7b525fc4068008 |
|
| /// File Name: |
grundschober_1998.letter.ps.gz |
Description:
|
Sniffer Detector Report, Diploma Thesis, June 1998.
| | Author: | Stephane Grundschober. | | File Size: | 242029 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | 5ac207af8e5c5de735b4ae595fbbc7ca |
|
| /// File Name: |
radmind-0.9.3.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Fixed connection accepting code, added argument checking, and various other bug fixes. | | File Size: | 238988 | | Last Modified: | Jan 27 13:41:21 2003 |
| MD5 Checksum: | a1f5f6d35263239c8e9ed78bea69ad7b |
|
| /// File Name: |
top-3.5beta9.tar.gz |
Description:
|
Top - A Top-CPU Usage Display provides a rolling display of top-CPU using processes on a Unix system. It also displays other information about the overall health of the system, including load averages and memory utilization. Numerous portability patches and optimizations in this release.
| | Author: | William LeFebvre. | | File Size: | 234762 | | Last Modified: | Aug 16 20:02:44 1999 |
| MD5 Checksum: | 70d5f5461bb45a53c207557c354e8108 |
|
| /// File Name: |
firestorm-0.4.6.tar.gz |
Description:
|
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor but there are plans are to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Fixed a bug which caused tcpdump log files to get overwritten. The TCP state tracking code was completely rewritten and is now much more accurate and efficient. Support for HTTP URI content matching was added. Snort signatures are now bundled with default packages. | | File Size: | 226441 | | Last Modified: | Aug 21 01:52:18 2002 |
| MD5 Checksum: | e8be7fbdee729a9e2d862d16fcbcefc3 |
|
| /// File Name: |
aide-0.7.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determening which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | Bug fixes, support for compressed database using zlib, and updated Mhash support along with linkname checking. | | File Size: | 219837 | | Last Modified: | May 9 18:52:22 2000 |
| MD5 Checksum: | 0b2ed9eb3b608a19418800b87f5be848 |
|
| /// File Name: |
aide-0.9.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | Now has the ability to compare two databases, support for using HMAC to verify configuration and the database, and includes bugfixes. | | File Size: | 216096 | | Last Modified: | Jun 5 01:14:41 2002 |
| MD5 Checksum: | 877b1f515a9e25afda75e06805d687fb |
|
| /// File Name: |
aide-0.6.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determening which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | A lot of bug fixes. MD-sums were again broken; please update. | | File Size: | 212475 | | Last Modified: | Feb 8 13:55:35 2000 |
| MD5 Checksum: | 3697a80834816c022756acdbb4c8ec21 |
|
| /// File Name: |
top-3.5beta6.tar.gz |
Description:
|
A Top-CPU Usage Display.
| | Author: | William LeFebvre. | | File Size: | 209405 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | 4627b01bde558f4fcb3d8dbd0ad10a07 |
|
| /// File Name: |
capture-server-2.1.0-300-src.zip |
Description:
|
Capture is a high interaction client honeypot / honeyclient. A client honeypot/ honeyclient is a security technology that allows one to find malicious servers on a network. Capture identifies malicious servers by interacting with potentially malicious servers using a dedicated virtual machine and observing its system state changes. If a system state change is detected, since no other activity occurs on the dedicated client machine, the server Capture interacted with is classified as malicious. This is the source code for the server.
| | Homepage: | https://projects.honeynet.org/capture-hpc | | File Size: | 207257 | | Last Modified: | Apr 29 20:29:45 2008 |
| MD5 Checksum: | 34ea2bc70bcba80e269f0064e798c9e8 |
|
| /// File Name: |
prosum_0.28.tgz |
Description:
|
ProSum is a console based program that protects your files, sys_call_table and IDT in a manor similar to tripwire (All in user space, without kernel modules). In addition, database with files etc. could be encrypted with Blowfish algorithm and files that are protected could be store at any secure/bastion host to later replace them. ProSum could be run on any UNIX system, at least with file protect mode (without IDT and sys_call_table support).
| | Author: | Fkt | | Homepage: | http://prosum.sourceforge.net | | File Size: | 206508 | | Last Modified: | Sep 12 07:20:00 2002 |
| MD5 Checksum: | c1b76d2566d99e47f62152a0465e73c7 |
|
| /// File Name: |
demarc-1.05-stable.tar.gz |
Description:
|
Unavailable.
| | File Size: | 199214 | | Last Modified: | Nov 12 21:16:23 2001 |
| MD5 Checksum: | c7e9585b1c50df16c7c97566dffbc9e6 |
|
| /// File Name: |
aide-0.8.tar.gz |
Description:
|
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
| | Author: | Rami Lehti | | Homepage: | http://www.cs.tut.fi/~rammer/aide.html | | Changes: | Lots of bugs were fixed! A syslog backend was added. The report format was changed. Lots of parameters were added. ACL support for SunOS 5.x (and compatibles) was added. libgcrypt is now separate and required. | | File Size: | 197272 | | Last Modified: | Feb 19 02:43:06 2002 |
| MD5 Checksum: | 84b608ccf5051d41a8ccfee87ced5428 |
|
| /// File Name: |
samhain-2.1.2.tar.gz |
Description:
|
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
| | Author: | Rainer Wichmann | | Homepage: | http://samhain.sourceforge.net | | Changes: | Various updates. | | File Size: | 196096 | | Last Modified: | Feb 8 00:38:39 2006 |
| MD5 Checksum: | 25bbf93bca768e66e553b24c92ab11b0 |
|
| /// File Name: |
hlbr-0.2.tar.gz |
Description:
|
HLBR is an IPS (Intrusion Prevention System) that works directly at the layer 2 of the OSI model staying invisible from layer 3.
| | Author: | Joao Eriberto Mota Filho, Andre Bertelli Araujo | | Homepage: | http://hlbr.sourceforge.net | | File Size: | 194744 | | Last Modified: | Feb 14 00:05:18 2006 |
| MD5 Checksum: | 5f48b9d7ef29b33c5ee95e843dfc15b0 |
|
| /// File Name: |
logsurfer-1.5.tar.gz |
Description:
|
logsurfer is a log checking/auditing tool similar to swatch and logcheck but with the capability of handling multi-line messages and dynamically adapting the ruleset. It is written in portable C, well documented, fast, and flexible. It works on any textfile or stdin, can be run at intervals or continuously, and has timeouts and resource limits.
| | Homepage: | http://www.cert.dfn.de/eng/logsurf/home.html | | File Size: | 193989 | | Last Modified: | Dec 14 21:41:00 1999 |
| MD5 Checksum: | 55a71acfca8bed64596d32ba4c052638 |
|
| /// File Name: |
hlbr-1.0.tar.gz |
Description:
|
HLBR is an IPS (Intrusion Prevention System) that works directly at the layer 2 of the OSI model staying invisible from layer 3.
| | Author: | Joao Eriberto Mota Filho, Andre Bertelli Araujo | | Homepage: | http://hlbr.sourceforge.net | | Changes: | Version 1.0 now can detect malicious traffic using regular expressions. | | File Size: | 193460 | | Last Modified: | Mar 8 00:33:49 2006 |
| MD5 Checksum: | b0739e53c26fa5bb40e34764bd102b46 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
