Section: .. / UNIX / IDS /
| /// File Name: |
dtk-0.9.tar |
Description:
|
The Deception ToolKit (DTK) is a toolkit designed to give defenders a couple of orders of magnitude advantage over attackers. We use deception to counter attacks. In the case of DTK, the deception is intended to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities. DTK's deception is programmable, but it is typically limited to producing output in response to attacker input in such a way as to simulate the behavior of a system which is vulnerable to the attackers method. V0.9 introduces the fake operating system name to the configure file and appropriate changes to deceptions to include this deception throughout the distribution. It also does automatic configuration of the secure Web server (thttpd) and generic.c and support for SCO Unix. 1.1MB.
| | Author: | Fred Cohen and Associates | | File Size: | 1105920 | | Last Modified: | Aug 16 20:02:34 1999 |
| MD5 Checksum: | f10ae74d52935f3aec9f9e30a8aff8f0 |
|
| /// File Name: |
dtk-1999-01-07.tar |
Description:
|
Deception Toolkit v1999-01-07 - DTK simply listens for inputs and provides responses that seem normal (i.e., full of bugs). In the process, it logs what is being done, provides sensible (if not quite perfect) answers, and lulls the attacker into a false sense of (your) insecurity. Has too many great features to list here, so check out The Deception Toolkit Home Page. DTK v1999-01-07 makes several minor improvements and contains some minor bugfixes.
| | Author: | Fred Cohen and Associates | | File Size: | 931840 | | Last Modified: | Aug 16 20:02:35 1999 |
| MD5 Checksum: | 4c0030b526823e9c992114353551fb32 |
|
| /// File Name: |
ears-0.7.tar.gz |
Description:
|
EARS (Emergency Audit Response System) v0.7 - EARS is a console tool designed to detect, monitor and respond to annomalies (such as intrusions) in real time. It offers complete control of the process table, filesystem(s) and network interface(s) maintained by the operating system. Autonomous functionality is optional as a separate module.
| | Author: | Tishina Syndicate | | File Size: | 31272 | | Last Modified: | Aug 16 20:02:36 1999 |
| MD5 Checksum: | b930fa48b3ad122aeb0b95a61563e2a7 |
|
| /// File Name: |
emonitor-v-0.6.tar.gz |
Description:
|
emonitor 0.6 is a notification, action-based system for network, system and application monitoring. emonitor includes the following tools: emsrvmsg (Event Monitor Server Message), emsrvcmd (Event Monitor Server Command), emtlog (Event Monitor Transaction Logger), emconsole (Event Monitor Console), emputcmd (Event Monitor Put Command), emputmsg (Event Monitor Put message). The Event Monitor Project
| | File Size: | 409580 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | 419b432a7d2d4ccf09d4b5754602378c |
|
| /// File Name: |
emonitor.lsm |
Description:
|
emonitor description.
| | File Size: | 7605 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | 2c54f5fb7b13c0c24b5c4057c44a11f6 |
|
| /// File Name: |
eng-4.23-public.rar |
Description:
|
ENG, or Encore Next Generation, is a false-negative morphic tool that can bypass IDS/IPS via the randomization of return addresses, random writable addresses, junk code injection, and more.
| | Author: | Nelson Brito | | File Size: | 632464 | | Last Modified: | Sep 20 14:56:47 2008 |
| MD5 Checksum: | 10f2c84adb27a488a0c5f1435b156cda |
|
| /// File Name: |
eoe232.tar.gz |
Description:
|
Eyes on Exec 2.32 is a set of tools which you can use to build your own host based IDS. It watches for programs getting exec'd and logs information about it to a file. Combined with perl this can be extremely powerful. Requires linux kernel 2.2.
| | Author: | S. Krahmer | | File Size: | 19754 | | Last Modified: | Nov 15 19:12:12 1999 |
| MD5 Checksum: | 1667d49e89e15406b5db030836e7d798 |
|
| /// File Name: |
FCheck_2.07.45.tar.gz |
Description:
|
FCHECK is a very stable PERL script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done in as little as one minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
| | Author: | Mike Gumienny | | Homepage: | http://sites.netscape.net/fcheck/fcheck.html | | File Size: | 23899 | | Last Modified: | Oct 20 14:50:02 1999 |
| MD5 Checksum: | 88d587fa9a0254f370db3c4d569dc4bb |
|
| /// File Name: |
FCheck_2.07.51.tar.gz |
Description:
|
FCHECK is a very stable PERL script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done in as little as one minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
| | Author: | Mike Gumienny | | Homepage: | http://sites.netscape.net/fcheck/fcheck.html | | Changes: | Fixes for the configuration files trailing space bug (fixed security hole), major bug fixes. | | File Size: | 25612 | | Last Modified: | Apr 11 18:13:21 2000 |
| MD5 Checksum: | 5e475dbaa313aa77d94bc4756ace47c5 |
|
| /// File Name: |
FCheck_2.07.54.tar.gz |
Description:
|
FCheck is a very stable perl script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done very frequently if a system's drive space is small enough, making it more difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
| | Author: | Michael A. Gumienny | | Homepage: | http://sites.netscape.net/fcheck/fcheck.html | | Changes: | The output was streamlined to display only details of what has changed. Individual file checking was added, along with checking of UID, GID, and major/minor numbers of special files. The database is now maintained in one file, allowing easier support of distributed systems. | | File Size: | 32492 | | Last Modified: | Nov 15 00:32:29 2000 |
| MD5 Checksum: | bdbe23a165ef4d8b99689d01a264bb2e |
|
| /// File Name: |
FCheck_2.7.55.tar.gz |
Description:
|
FCheck is a very stable perl script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done very frequently if a system's drive space is small enough, making it more difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use.
| | Author: | Michael A. Gumienny | | Homepage: | http://sites.netscape.net/fcheck/fcheck.html | | Changes: | Fixed bugs in the "Exclude" routine. | | File Size: | 32398 | | Last Modified: | Dec 11 22:01:49 2000 |
| MD5 Checksum: | 9920799b580d5d729c561a7d69abdcc8 |
|
| /// File Name: |
ficc-1.2.tar.gz |
Description:
|
File Integrity Command & Control (FICC) helps system administrators manage multiple Tripwire installations across their network. It maintains MD5 hashes for the three key Tripwire files (the config file, executable, and TW database) for every system it monitors. It retrieves these key files from each system via SCP and compares the computed signature against the signatures in the FICC signature database. If all three signatures match the database, FICC then connects to the host via SSH and runs Tripwire.
| | Author: | Terry Ott | | Homepage: | http://www.firsttracks.net/ficc/overview.php | | Changes: | The "quick_check" option for hosts was added, allowing FICC to download only the MD5 executable for the target host. If the checksum of the remote MD5 executable is unchanged, FICC then runs the remote MD5 executable on the remaining files (the Tripwire executable, database, and config file), dramatically reducing bandwidth usage and runtime. | | File Size: | 19981 | | Last Modified: | Nov 24 14:56:11 2003 |
| MD5 Checksum: | 6fb5b94ff86b6ec9f3a03acaac29b769 |
|
| /// File Name: |
filetraq-0.1.tgz |
Description:
|
FileTraq is a shell script designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It lets you keep an eye on intruders who might change system files, or other sysadmins who don't tell you about changes. It even helps you keep track of your own changes, along with dated backups.
| | Author: | Jeremy Weatherford | | Homepage: | http://filetraq.xidus.net | | File Size: | 9985 | | Last Modified: | Jan 2 14:06:59 2000 |
| MD5 Checksum: | 80f29eda6ce691762a12d222dbd742d8 |
|
| /// File Name: |
filetraq-0.2.tgz |
Description:
|
FileTraq is a shell script designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It lets you keep an eye on intruders who might change system files, or other sysadmins who don't tell you about changes. It even helps you keep track of your own changes, along with dated backups.
| | Author: | Jeremy Weatherford | | Homepage: | http://filetraq.xidus.net | | Changes: | Comment lines are now permitted in the config file, wildcard matches are now possible, and entire directories can be checked. | | File Size: | 10659 | | Last Modified: | Jan 4 03:50:01 2000 |
| MD5 Checksum: | 91ea3b7350d795e2ad6e9d6da0954bc7 |
|
| /// File Name: |
fileutils-4.0-lm.tar.gz |
Description:
|
Landmine Fileutils is a modified fileutils package for Linux which logs the arguments used for execution to syslog. Includes patched copies of chmod, chgrp, chown, cp, dir, ln, ls, mkdir, mv, rm, rmdir, and touch.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | File Size: | 1175398 | | Last Modified: | Sep 5 21:58:42 2000 |
| MD5 Checksum: | f21184a3e76e3758813651b77d1c092e |
|
| /// File Name: |
firesoft.tar.gz |
Description:
|
firesoft is a collection of Perl scripts for viewing snort-generated logs and ipchains logs. The package includes a bar chart creator from ipchains logs, to quickly view who has been scanning you the most.
| | Author: | Angelos Karageorgiou | | File Size: | 2026 | | Last Modified: | Nov 8 20:12:30 1999 |
| MD5 Checksum: | 8c68337186a4666bd70651c5764ed602 |
|
| /// File Name: |
firestorm-0.1.2.tar.gz |
Description:
|
Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | This release allows rule criteria to be negated, includes a string/content matcher, support for bidirectional snort rules, a TTL matcher, an IP ID matcher, and lots of other little fixes. | | File Size: | 142774 | | Last Modified: | May 29 18:46:32 2001 |
| MD5 Checksum: | bc70351bf359f52a926f0e8273d12701 |
|
| /// File Name: |
firestorm-0.1.3.tar.gz |
Description:
|
Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | New TCP flags, ICMP sequence, and ID matchers, bugfixes, a more verbose alert target, and improved documentation. | | File Size: | 144241 | | Last Modified: | Jun 7 14:50:12 2001 |
| MD5 Checksum: | 6535757480bdcaca23579488b294503a |
|
| /// File Name: |
firestorm-0.2.0.tar.gz |
Description:
|
Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Re-Designed packet encode engine which supports encapsulation. A final few issues in the snort parser have been resolved. A log target (logs to tcpdump files) was added. Bugs were fixed, | | File Size: | 169767 | | Last Modified: | Jul 25 05:07:12 2001 |
| MD5 Checksum: | f48dd7f1d7ff24f5fd12b76f3c91b160 |
|
| /// File Name: |
firestorm-0.2.1.tar.gz |
Description:
|
Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Sensors can now send data out to a central server over the Internet. Some bugs were fixed, and work on a firestorm daemon was started. | | File Size: | 173227 | | Last Modified: | Sep 5 02:10:26 2001 |
| MD5 Checksum: | f04e16e415bf5112909eaa51ad2ba81c |
|
| /// File Name: |
firestorm-0.2.2.tar.gz |
Description:
|
Firestorm is a Network Intrusion Detection sensor which is multi-threaded, fast, and is pluggable at almost every point.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Many snort compatibility fixes were made. All the snort 1.7 rules work. Most of the snort 1.8 rules work. Lots of bugs were fixed. | | File Size: | 179057 | | Last Modified: | Sep 27 01:22:02 2001 |
| MD5 Checksum: | 3d4249dc04cb8ae49d422e4bbcadb656 |
|
| /// File Name: |
firestorm-0.4.3.tar.gz |
Description:
|
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor but there are plans are to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Lots of bugs have been fixed. An 802.1q (VLAN) decode plugin has been added. | | File Size: | 143763 | | Last Modified: | Jun 3 01:48:29 2002 |
| MD5 Checksum: | 47b4ad43b07f648553dc77cadf44b1a7 |
|
| /// File Name: |
firestorm-0.4.4.tar.gz |
Description:
|
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor but there are plans are to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Added TCP stateful inspection, a 'fragoffset' matcher and the 'stateless' keyword were added. Bugs were fixed. | | File Size: | 146635 | | Last Modified: | Jun 10 03:19:32 2002 |
| MD5 Checksum: | 91f13cdc017c0ebb3c21ff230db198c3 |
|
| /// File Name: |
firestorm-0.4.6.tar.gz |
Description:
|
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor but there are plans are to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Fixed a bug which caused tcpdump log files to get overwritten. The TCP state tracking code was completely rewritten and is now much more accurate and efficient. Support for HTTP URI content matching was added. Snort signatures are now bundled with default packages. | | File Size: | 226441 | | Last Modified: | Aug 21 01:52:18 2002 |
| MD5 Checksum: | e8be7fbdee729a9e2d862d16fcbcefc3 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
