Section: .. / UNIX / IDS /
| /// File Name: |
Snmpd-1.0.1.tar.gz |
Description:
|
SNMP-based network management program to alleviate certain problems of heterogeneous systems. Requires Scotty and Tcl/Tk.
| | File Size: | 150464 | | Last Modified: | Aug 16 20:02:21 1999 |
| MD5 Checksum: | 51633bc34a643576509f93d1267a048d |
|
| /// File Name: |
Snmpd-1.0.2.tar.gz |
Description:
|
See above.
| | File Size: | 150419 | | Last Modified: | Aug 16 20:02:27 1999 |
| MD5 Checksum: | dbbb86291943e248650d9885a06ba4ca |
|
| /// File Name: |
shoki-0.08.2.tar.gz |
Description:
|
Shoki is a collection of IDS tools, scripts, and so forth. All the bits together can collect data from sensors, schlep it to a central location for storage, run signature-based and statistical analysis on the data, and load the data into a SQL database. Shoki provides a framework for a distributed system for network traffic analysis among untrusted peers.
| | Homepage: | http://www.meshuggeneh.net/shoki | | File Size: | 149000 | | Last Modified: | Oct 21 04:26:57 2000 |
| MD5 Checksum: | 20d43922b0415cedf1de6af12fbbeca6 |
|
| /// File Name: |
firestorm-0.4.4.tar.gz |
Description:
|
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor, but there are plans to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | TCP stateful inspection, a 'fragoffset' matcher and the 'stateless' keyword were added. Bugs were fixed. | | File Size: | 146635 | | Last Modified: | Jun 10 03:19:32 2002 |
| MD5 Checksum: | 91f13cdc017c0ebb3c21ff230db198c3 |
|
| /// File Name: |
qps-1.6.tar.gz |
Description:
|
Qps v1.6 - See description above.
| | File Size: | 145272 | | Last Modified: | Aug 16 20:02:36 1999 |
| MD5 Checksum: | 9055eb67beeb4f26cd185755617be642 |
|
| /// File Name: |
firestorm-0.1.3.tar.gz |
Description:
|
Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | New TCP flags, ICMP sequence, and ID matchers, bugfixes, a more verbose alert target, and improved documentation. | | File Size: | 144241 | | Last Modified: | Jun 7 14:50:12 2001 |
| MD5 Checksum: | 6535757480bdcaca23579488b294503a |
|
| /// File Name: |
firestorm-0.4.3.tar.gz |
Description:
|
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor, but there are plans to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Lots of bugs have been fixed. An 802.1q (VLAN) decode plugin has been added. | | File Size: | 143763 | | Last Modified: | Jun 3 01:48:29 2002 |
| MD5 Checksum: | 47b4ad43b07f648553dc77cadf44b1a7 |
|
| /// File Name: |
firestorm-0.1.2.tar.gz |
Description:
|
Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | This release allows rule criteria to be negated, includes a string/content matcher, support for bidirectional snort rules, a TTL matcher, an IP ID matcher, and lots of other little fixes. | | File Size: | 142774 | | Last Modified: | May 29 18:46:32 2001 |
| MD5 Checksum: | bc70351bf359f52a926f0e8273d12701 |
|
| /// File Name: |
qps-1.5.tar.gz |
Description:
|
Qps v1.5 - Qps is a visual process manager, an X11 version of "top" or "ps" that displays processes in a window and lets you sort and manipulate them. Qps can: change nice value of a process, alter the scheduling policy and soft realtime priority of a process, display the TCP/UDP sockets used by a process, and names of the connected hosts, display the memory mappings of the process (which files and shared libraries are loaded where), display the open files of a process, kill or send any other signal to selected processes, display the load average as a graph, and use this as its icon when iconified, show (as graph or numbers) current CPU, memory and swap usage, sort the process table on any attribute (size, cpu usage, owner etc), and does much, much more. UNIX domain sockets are visible in the Files table, SMP support. Very nice GUI. Requires Qt library 1.40 or later and Linux 2.0 or later, or Solaris 2.5.x.
| | Author: | Mattias Engdegard | | File Size: | 142111 | | Last Modified: | Aug 16 20:02:34 1999 |
| MD5 Checksum: | 7d996affc86ab73df89fcf6f0727c062 |
|
| /// File Name: |
libnids-1.21.tar.gz |
Description:
|
Libnids is a library that provides the functionality of one of the components of a NIDS (Network Intrusion Detection System), namely the E-component. This means that libnids code watches all local network traffic, cooks received datagrams a bit, and provides convenient information on them to the analyzing modules of the NIDS. So, if you intend to develop a custom NIDS, you do not have to build low-level network code. If you decide to use libnids, you have the E-component ready and can focus on implementing the other parts of the NIDS.
| | Author: | Nergal | | Homepage: | http://libnids.sourceforge.net | | Changes: | Various code updates. | | File Size: | 140138 | | Last Modified: | May 22 00:18:39 2006 |
| MD5 Checksum: | 8c43dd7d66350eed99a29be50bc5615f |
|
| /// File Name: |
honeyd-0.3.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Included UDP support (including proxying), and many bugfixes. | | File Size: | 135998 | | Last Modified: | Jul 31 03:08:32 2002 |
| MD5 Checksum: | 027c507bb165bea70403309e4445c601 |
|
| /// File Name: |
check-ps-1.3.2.tar.gz |
Description:
|
Check-ps is a program that is designed to detect rootkit versions of ps that fail to tell you about selected processes. It currently requires /proc but other scanning methods can be implemented. The program will run in the background or one-shot mode. Check-ps has grown rather to better resist increasingly sophisticated attacks, generate more useful reports, and implement more detection methods. You are encouraged to check the signatures, available here.
| | Author: | Duncan Simpson | | Homepage: | http://checkps.alcom.co.uk | | Changes: | Includes extended kill scanning which will detect LKMs such as adore-0.34. Includes new tests to generate a list of PIDs by brute force. | | File Size: | 131883 | | Last Modified: | Apr 19 17:34:24 2001 |
| MD5 Checksum: | badf7b5b86b9afda47f8ff0f125253b1 |
|
| /// File Name: |
check-ps-1.3.1.tar.gz |
Description:
|
Check ps is a simple program that runs ps and compares it with its own list. It currently requires /proc but other scanning methods can be implemented. The program will run in the background or one-shot mode. Check-ps has grown rather to better resist increasingly sophisticated attacks, generate more useful reports, and implement more detection methods.
| | Author: | Duncan Simpson | | Homepage: | http://checkps.alcom.co.uk | | Changes: | Better reporting, bug fixes, more resistant to attack. | | File Size: | 131476 | | Last Modified: | Oct 21 04:40:18 2000 |
| MD5 Checksum: | 229ea770193b6247a854097ab1dfed00 |
|
| /// File Name: |
qps-1.4.4.tar.gz |
Description:
|
Qps - Visual Process Manager. X11 version of "top" or "ps" that displays processes in a window and lets you sort and manipulate them.
| | File Size: | 131423 | | Last Modified: | Aug 16 20:02:22 1999 |
| MD5 Checksum: | eed5952fcd88e4f2398ae9353f786dc1 |
|
| /// File Name: |
libnids-1.20.tar.gz |
Description:
|
Libnids is a library that provides the functionality of one of the components of a NIDS (Network Intrusion Detection System), namely the E-component. This means that libnids code watches all local network traffic, cooks received datagrams a bit, and provides convenient information on them to the analyzing modules of the NIDS. So, if you intend to develop a custom NIDS, you do not have to build low-level network code. If you decide to use libnids, you have the E-component ready and can focus on implementing the other parts of the NIDS.
| | Author: | Nergal | | Homepage: | http://libnids.sourceforge.net | | Changes: | Added wscale option parsing (surprisingly, it seems to be in some use), added nids_dispatch() for systems which do not ignore pcap timeout, and added the ability to specify hosts/networks for which we do not check checksums. | | File Size: | 119226 | | Last Modified: | Feb 18 00:18:56 2005 |
| MD5 Checksum: | a36cbd45cbada12420ecc8f82a7e0852 |
|
| /// File Name: |
mon-0.38pre7.tar.gz |
Description:
|
mon 0.38pre7 - "mon" is an extensible fault detection package which can be used to monitor network and system resources. It is most useful for system and network administrators who are responsible for maintaining the operation of networks of hundreds or possibly thousands of nodes.
| | Author: | Jim Trocki | | Changes: | Changes to period behavior, trap enhancements, basedir support, and more. mon-0.38pre7.tar.gz.sign. | | File Size: | 117141 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | 663a1a9e21ec3e7b90e05fe8fde11705 |
|
| /// File Name: |
libnids-1.19.tar.gz |
Description:
|
Libnids is a library that provides the functionality of one of the components of a NIDS (Network Intrusion Detection System), namely the E-component. This means that libnids code watches all local network traffic, cooks received datagrams a bit, and provides convenient information on them to the analyzing modules of the NIDS. So, if you intend to develop a custom NIDS, you do not have to build low-level network code. If you decide to use libnids, you have the E-component ready and can focus on implementing the other parts of the NIDS.
| | Author: | Nergal | | Homepage: | http://libnids.sourceforge.net | | Changes: | Multiple bug fixes. | | File Size: | 115758 | | Last Modified: | Aug 9 17:37:18 2004 |
| MD5 Checksum: | 863125dbcc43d1ac8c044622e5b08787 |
|
| /// File Name: |
distack-1.1.0-dev.tar.gz |
Description:
|
Distack is a framework for local and distributed attack detection and traffic analysis. It can run on live interfaces or trace files, as well as in simulation environments. It therefore provides easy ways to develop attack detection mechanisms and evaluate them on a large scale in simulated networks.
| | Homepage: | http://www.tm.uka.de/distack | | File Size: | 114712 | | Last Modified: | Sep 3 17:27:17 2008 |
| MD5 Checksum: | 3fb4c5502309f3badd504a961d5c19db |
|
| /// File Name: |
libnids-1.18.tar.gz |
Description:
|
Libnids is a library that provides the functionality of one of the components of a NIDS (Network Intrusion Detection System), namely the E-component. This means that libnids code watches all local network traffic, cooks received datagrams a bit (quite a bit ;)), and provides convenient information on them to the analyzing modules of the NIDS. So, if you intend to develop a custom NIDS, you do not have to build low-level network code. If you decide to use libnids, you have the E-component ready and can focus on implementing the other parts of the NIDS.
| | Author: | Nergal | | Homepage: | http://libnids.sourceforge.net | | Changes: | Rejection of TCP packets with old timestamp, fixed memory corruption, and more. | | File Size: | 114013 | | Last Modified: | Oct 17 18:10:35 2003 |
| MD5 Checksum: | 9ee6dcdfac97bae6fe611aa27d2594a5 |
|
| /// File Name: |
mon-0.38.12.tar.gz |
Description:
|
mon 0.38pre12 - "mon" is an extensible fault detection package which can be used to monitor network and system resources. It is most useful for system and network administrators who are responsible for maintaining the operation of networks of hundreds or possibly thousands of nodes.
| | Author: | Jim Trocki | | Changes: | Too many new features, additions, code cleanups, and bugfixes to list; see the CHANGES file. mon-0.38.12.tar.gz.sign. | | File Size: | 111393 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | ad40b05fb571ef4e4442aae3a0edbbaa |
|
| /// File Name: |
bubblegum-1.12.tar.gz |
Description:
|
Bubblegum is a daemon written in C which watches a file's access, modification, and inode change times, logging the changes. It can run an external command, read files from a filelist, and more.
| | Homepage: | http://cyclic.sourceforge.net/bubblegum | | Changes: | Build fix for RedHat. Support for directory recursion. Port to Solaris. | | File Size: | 111091 | | Last Modified: | Oct 4 23:51:52 2006 |
| MD5 Checksum: | b0cea809735aa3ab85cbc3a577ef8aeb |
|
| /// File Name: |
pakemon-0.3.0.tar.gz |
Description:
|
pakemon has been developed to share IDS components based on the open source model. The current version of pakemon monitors all traffic on a network, searches for given data patterns in the traffic, and outputs session logs and summary logs of matched traffic. Tested on RedHat Linux 6.2j, OpenBSD 2.7, FreeBSD 3.3, and NetBSD 1.4.
| | Homepage: | http://www.sfc.keio.ac.jp/~keiji/ids/pakemon | | File Size: | 109148 | | Last Modified: | Nov 29 04:07:36 2000 |
| MD5 Checksum: | 27e99d6a8e76d6b18741e19625018f6c |
|
| /// File Name: |
logcheck_1.2.43a.tar.gz |
Description:
|
Logcheck parses system logs and generates email reports based on anomalies. Anomalies can be defined by users with 'violations' files. It differentiates between 'Active System Attacks', 'Security Violations', and 'Unusual Activity', and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated.
| | Author: | Todd Troxell | | Homepage: | http://logcheck.org/ | | Changes: | Various updates. See changelog. | | File Size: | 108932 | | Last Modified: | Feb 25 21:06:53 2006 |
| MD5 Checksum: | 43d89ab60356afc2294949e5ab8cf659 |
|
| /// File Name: |
pakemon-0.3.0b4-2.tar.gz |
Description:
|
pakemon has been developed to share IDS components based on the open source model. The current version of pakemon monitors all traffic on a network, searches for given data patterns in the traffic, and outputs session logs and summary logs of matched traffic.
| | Homepage: | http://www.sfc.keio.ac.jp/~keiji/ids/pakemon | | File Size: | 108519 | | Last Modified: | Oct 29 01:52:56 2000 |
| MD5 Checksum: | 3e99f29f9e8c6084bde9857991b4a1a6 |
|