Section: .. / UNIX / IDS /
| /// File Name: |
honeyd-0.8b.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Several bugs that would cause operating system detection with nmap to fail were fixed along with compilation issues for honeydctl on Linux and *BSD. Support for log rotation via SIGUSR1 was added. | | File Size: | 523808 | | Last Modified: | Apr 20 15:25:23 2004 |
| MD5 Checksum: | 4f287d8d1abe22f96fe74f1318186617 |
|
| /// File Name: |
honeyd-1.5.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.honeyd.org | | Changes: | The new release contains a bunch of new features: Honeyd stats collector; improved subsystem support; examples of real subsystems; fixed security issue allowing remote identification. | | File Size: | 893208 | | Last Modified: | Feb 16 17:59:03 2006 |
| MD5 Checksum: | cf328a2443f1f4233c6117fbf0a72de3 |
|
| /// File Name: |
hostsentry-0.02.tar.gz |
Description:
|
HostSentry v0.02 is a host-based intrusion detection tool that performs Login Anomaly Detection (LAD), and is the most recent addition to the Abacus Project suite of security tools. This tool allows administrators to spot strange login behavior and quickly respond to compromised accounts and unusual behavior. HostSentry incorporates a dynamic database and actually "learns" the user login behavior. This behavior is then utilized by modular signatures to detect unusual events. Specifically, HostSentry monitors system login accounting records in real time (wtmp/utmp). These records are used to build a dynamic database of active users and run a series of signature modules during the login and logout phases. The signature modules are pluggable and easily activated or deactivated by the admin. An example wrapper is included to allow administrators to add new signatures. The current list of signatures includes:
- moduleLoginLogout - Generic audit trail of all user logins and logouts.
- moduleFirstLogin - Alerts administrators if this user is logging in for the first time.
- moduleForeignDomain - A login was detected from a domain not listed in the allowed domains file.
- moduleRhostCheck - A user's .rhosts file contains a wildcard or other dangerous modification.
- moduleHistoryTruncated - A user's .history file is missing, truncated to zero bytes, or symlinked (i.e. /dev/null).
- moduleOddDirnames - A user's directory contains suspicious directory names on logout (" ..", "...", etc.).
- moduleMultipleLogins - A single username has multiple concurrent logins from different domains.
- moduleOddLoginTime - A user is logging in at an odd hour for their usage pattern (not implemented yet).
- moduleInvalidUtmp - A corresponding utmp/wtmp entry for this login cannot be found (entry possibly removed) (not implemented yet).
- moduleHistorySuspicious - The user's history file contains suspicious commands (not implemented yet).
- moduleNetworkDaemon - The user logged out but left a listening network socket operating (private web server, IRC bot, etc.) (not implemented yet).
- moduleFileExists - A file was found in the user's directory that is listed in the banned/monitored list of the site (not implemented yet).
First release.
| | Author: | Craig H. Rowland | | File Size: | 33983 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | 3de0bbb7d456bb53683de56dfdf98362 |
|
| /// File Name: |
hum-A-0.2.1.tar.gz |
Description:
|
HummingBird is a distributed component for any Intrusion Detection System. Features: Share security information with any Internet host, Powerful searchable database of security-relevant data, Easy-to-use data visualization, Detects light but network-wide attacks, Keeps historical data of system status, Hosts can be organized in a hierarchy for better management and information flow, Java interface for alert messages.
| | Author: | HummingBird Project | | File Size: | 1272895 | | Last Modified: | Aug 16 20:02:30 1999 |
| MD5 Checksum: | 832b9e63563cb0688313e10812d66ba5 |
|
| /// File Name: |
hum-A-101898.tar.gz |
Description:
|
See above.
| | File Size: | 1658435 | | Last Modified: | Aug 16 20:02:31 1999 |
| MD5 Checksum: | 2f1090e6c66b0c4ca32eab75e11f32bf |
|
| /// File Name: |
hum-A-summer98.tar.gz |
Description:
|
See above.
| | File Size: | 1666155 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 812a7853f61938018b11b18efbd471c2 |
|
| /// File Name: |
hummer-A-062799.tar.gz |
Description:
|
See above.
| | File Size: | 981941 | | Last Modified: | Aug 16 20:03:15 1999 |
| MD5 Checksum: | bfbccb1fe39714dd690884c98296b5c4 |
|
| /// File Name: |
icmp-0.9.tar.gz |
Description:
|
IMON v0.9b is a powerful tool to monitor/analyze ICMP traffic on your LAN (includes LOKI backdoor detection).
| | Author: | Stealth | | File Size: | 15950 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | 7c82926086a0c749ec83bf5f3e33dfb6 |
|
| /// File Name: |
icmp.tar.gz |
Description:
|
IMON is a powerful tool to monitor/analyze ICMP traffic on your LAN. With IMON you are able to analyze ICMP messages going through your network interface.
| | Author: | Stealth of KALUG | | File Size: | 12876 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | 40507b1604c5b53e75a9b502d6972865 |
|
| /// File Name: |
icmpinfo-1.11.tar.gz |
Description:
|
Tracks ICMP packets, allowing you to proactively watch for suspicious behaviour, mainly ICMP unreachables.
| | File Size: | 13712 | | Last Modified: | Aug 16 20:03:15 1999 |
| MD5 Checksum: | 65c3acdf2f87f9ab9aa1a055d76f8976 |
|
| /// File Name: |
icmpmon.c |
Description:
|
icmpmon will show you all ICMP packets reaching your box, which can sometimes be useful in detecting attacks/portscans.
| | Author: | CyberPsychotic | | File Size: | 2579 | | Last Modified: | Aug 16 20:02:37 1999 |
| MD5 Checksum: | d5afe56be732dcec59d8890f134620f6 |
|
| /// File Name: |
ICU-0.1.tar.gz |
Description:
|
ICU (Integrity Checking Utility) is a Perl program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH. This version is still under development.
| | Homepage: | http://nitzer.dhs.org/ICU/ICU.html | | File Size: | 35881 | | Last Modified: | Dec 8 03:21:55 2000 |
| MD5 Checksum: | ed1e20bda4f0c0ba76e78556712282b9 |
|
| /// File Name: |
ICU-0.3.tar.gz |
Description:
|
ICU (Integrity Checking Utility) is a Perl program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH. This version is still under development.
| | Homepage: | http://nitzer.dhs.org/ICU/ICU.html | | Changes: | Bug fixes and new features. | | File Size: | 43464 | | Last Modified: | Feb 4 22:12:45 2001 |
| MD5 Checksum: | 1bffbcb530e6a5967763d9c91faa5c28 |
|
| /// File Name: |
ifstatus2.2.tar.gz |
Description:
|
Ifstatus checks all network interfaces on the system, and reports any that are in debug or promiscuous mode, which may be a sign of unauthorized access to the system.
| | Author: | David A. Curry | | File Size: | 12295 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 3da19339275d0f06fb48620f79ef6499 |
|
| /// File Name: |
impost-0.1pre1.tar.gz |
Description:
|
Impost is a multi-purpose scriptable network protocol security auditing tool designed for analyzing network attacks and exploitations while operating as a honey pot or packet sniffer.
| | Author: | ziplock | | Homepage: | http://impost.sourceforge.net/ | | File Size: | 88064 | | Last Modified: | Aug 5 01:50:45 2004 |
| MD5 Checksum: | 2c07ba887fb19ee2ac2727fda42d665b |
|
| /// File Name: |
impost-0.1rc1.tar.gz |
Description:
|
Impost is a multi-purpose scriptable network protocol security auditing tool designed for analyzing network attacks and exploitations while operating as a honey pot or packet sniffer.
| | Author: | ziplock | | Homepage: | http://impost.sourceforge.net/ | | Changes: | New features and various algorithmic improvements. | | File Size: | 369524 | | Last Modified: | Aug 30 23:34:33 2004 |
| MD5 Checksum: | 41c2e3e9c2b19df1a0f2e20b7c6a565f |
|
| /// File Name: |
instmon-1.2.tar.gz |
Description:
|
instmon is a shell script that monitors installations and detects the files that were added or modified. It can be very helpful for packages that only come in source form. It can be used by system administrators and simple users alike.
| | File Size: | 12330 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 81be9cb76ff83503f46dedd5c0b127bc |
|
| /// File Name: |
instmon-1.3.tar.gz |
Description:
|
instmon v1.3 - instmon is a shell script that monitors installations and detects the files that were added or modified.
| | Author: | Vasilis Vasaitis | | File Size: | 13856 | | Last Modified: | Aug 16 20:02:34 1999 |
| MD5 Checksum: | 0b27b1ae6f11656b9332449453696aca |
|
| /// File Name: |
instmon-1.4.tar.gz |
Description:
|
instmon v1.4 - instmon is a shell script that monitors installations and detects the files that were added or modified.
| | Author: | Vasilis Vasaitis | | File Size: | 14598 | | Last Modified: | Aug 16 20:02:37 1999 |
| MD5 Checksum: | 4d34efd29c813828f938a771eacd8a1b |
|
| /// File Name: |
instmon-1.5.tar.gz |
Description:
|
instmon is a shell script that monitors installations and detects the files that were added or modified.
| | Author: | Vasilis Vasaitis | | Changes: | Slightly changed the default search list (added /var/lib) and the default exclude list (added /root); instmon now uses $TMPDIR when set; Comparisons between version numbers are now done in a different way, which is more correct for the UN*X world; Fixed to work with RPM >= 2.5.0; Empty directories are now removed even more aggressively; Things are becoming complicated, so the awk command is now required, and instmon has to store some helper scripts (currently one) in /usr/local/lib/instmon. | | File Size: | 15539 | | Last Modified: | Aug 16 20:02:44 1999 |
| MD5 Checksum: | 84857431c0daee01c59e1231e2340712 |
|
| /// File Name: |
integrit-1.05.03.tar.gz |
Description:
|
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
| | Homepage: | http://integrit.sourceforge.net | | Changes: | First stable release! Includes a new tool, i-ls, that allows users to view integrit-related information (ctime, SHA-1 checksum, etc.) for live files. Also, there are improvements to the installation procedure's portability. | | File Size: | 152992 | | Last Modified: | Jan 22 21:41:35 2001 |
| MD5 Checksum: | 7ad01d9e2bac28d47e439ea23d1d7cbf |
|
| /// File Name: |
integrit-1.06.06.tar.gz |
Description:
|
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
| | Homepage: | http://integrit.sourceforge.net | | Changes: | The byte-order problem was solved, allowing integrit to run properly on big-endian machines. An RPM spec file was added. The report includes more information and is more readable. More error checking and code enhancements were added. Portability has been improved after abandoning readdir_r. | | File Size: | 156974 | | Last Modified: | Feb 20 18:03:22 2001 |
| MD5 Checksum: | 8d7f2abfb648a69e89778c72466c63ed |
|
| /// File Name: |
integrit-3.05.tar.gz |
Description:
|
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
| | Homepage: | http://integrit.sourceforge.net | | Changes: | Documented Chris Johns' changes and updated Makefile targets for developers. | | File Size: | 262784 | | Last Modified: | Sep 22 03:22:14 2005 |
| MD5 Checksum: | a251a27f6b815e51c356cf81e8f2dc5e |
|
| /// File Name: |
integrit-4.0.tar.gz |
Description:
|
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
| | Homepage: | http://integrit.sourceforge.net | | Changes: | Updated output format for "new" file checksums to match "removed". | | File Size: | 266001 | | Last Modified: | Aug 17 02:26:02 2006 |
| MD5 Checksum: | 2f6a7e28e48b0cbc8214648e3224703b |
|
| /// File Name: |
integrit-4.1.tar.gz |
Description:
|
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
| | Homepage: | http://integrit.sourceforge.net | | Changes: | Fixed exit status, considering missing files correctly as a change. | | File Size: | 271626 | | Last Modified: | Jun 6 18:30:51 2007 |
| MD5 Checksum: | f51a5b558981a5d90e7d6f4e7e269a46 |
|