Section: .. / UNIX / IDS /
| /// File Name: |
rpc_gotcha_beta1.1.tar.gz |
Description:
|
Rpc_Gotcha is a network based intrusion detection tool for detecting rpc based scans and attacks (buffer overflows). The program will passively sit on the network perimeter and process packets while analyzing the rpc message data payload looking for signs of a possible attack. Rpc_Gotcha will log all rpc calls made to the network and display payload data for possible attacks. Changes : This version has some major bug fixes , memory leaks and signature issues. It will also read tcpdump capture files in a batch mode.
| | Author: | Chad Renfro | | Homepage: | http://renfro.homepage.com/archive.htm | | File Size: | 8321 | | Last Modified: | Oct 21 17:23:46 1999 |
| MD5 Checksum: | 4ccf621425f9493c349e7751f63fdb4f |
|
| /// File Name: |
lads-0.8.tar.bz2 |
Description:
|
Login Anomaly Detection System (LADS) detects anomalies in logins and logouts and can perform various actions in response.
| | Author: | Fred | | Homepage: | http://www.lepied.com/lads | | Changes: | Fixes a bug in IP address reporting and a bug that prevented correct logging. | | File Size: | 8151 | | Last Modified: | Dec 14 17:30:36 2003 |
| MD5 Checksum: | 0908e52ffc65a6fa16b7906b60dd2908 |
|
| /// File Name: |
emonitor.lsm |
Description:
|
emonitor description.
| | File Size: | 7605 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | 2c54f5fb7b13c0c24b5c4057c44a11f6 |
|
| /// File Name: |
detect-scans-060.tar.gz |
Description:
|
This logs and notifies you of portscans run against your host. Some kinds of D.o.S attacks might also get logged.
| | File Size: | 7310 | | Last Modified: | Aug 16 20:02:25 1999 |
| MD5 Checksum: | d28524ca853ef0809de3ba50e212b7bf |
|
| /// File Name: |
sysmon.pl |
Description:
|
This script, run on a regular (daily) basis, keeps tabs on root accounts and set[ug]id root files.
| | File Size: | 7148 | | Last Modified: | Aug 16 20:02:21 1999 |
| MD5 Checksum: | e63a290974e3c6dc991a866f53e5ad5a |
|
| /// File Name: |
checksyslog12.tar.gz |
Description:
|
Analyze your syslogs for security or system problems by creating a list of normal behaviour to ignore; everything else is something you should be aware of. Requires perl 5.
| | Homepage: | http://www.jammed.com/%7Ejwa/Security/ | | File Size: | 6585 | | Last Modified: | Dec 13 05:26:20 1999 |
| MD5 Checksum: | d4f7effb572e634a7af623ea4e6a99db |
|
| /// File Name: |
autobuse.lsm |
Description:
|
More detailed description of Autobuse.
| | File Size: | 6553 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | 31e60b79f4dc14895f8b82b90a45c061 |
|
| /// File Name: |
detect-satan.pl |
Description:
|
detect-satan.pl
| | File Size: | 6541 | | Last Modified: | Aug 16 20:02:15 1999 |
| MD5 Checksum: | f7a7467e452cef02bbf5a2ad6a041655 |
|
| /// File Name: |
stjude-0.4.tgz |
Description:
|
StJude is an attempt to monitor the flow of privilege in my Solaris boxes. It tries to detect privilege violations or improper transitions (ie stack smashing, or other local root exploits) by watching audit trails.
| | Author: | Tim Lawless | | File Size: | 6277 | | Last Modified: | Mar 6 15:47:53 2000 |
| MD5 Checksum: | b416a0164c195804d20a79668d919373 |
|
| /// File Name: |
claymore.tar.gz |
Description:
|
Claymore v0.3 is an intrusion detection and integrity monitoring system. To accomplish its task, it runs from cron and reads in a list of files stored in flat ASCII, and uses md5sum to check their integrity against that recorded earlier in a database. If the database is placed on a read-only medium such as a write-protected floppy, then it should provide an infallible record against remotely installed trojan horses.
| | Author: | Sam Carter | | Homepage: | http://linux.rice.edu/magic/claymore/ | | Changes: | This release adds ownership / permission tracking and switches to the Digest::MD5 instead of md5sum. | | File Size: | 6239 | | Last Modified: | Oct 3 17:38:28 2000 |
| MD5 Checksum: | 1288658c2152454fa372ceffd319d9fe |
|
| /// File Name: |
bgcheck-0.5.tar.gz |
Description:
|
bgcheck 0.5 - bgcheck is a process monitor for Linux written in perl that can be used by administrators to limit the number of background processes that each user can run.
| | Author: | blue | | Changes: | added support for long usernames, fixed ftpd spawn detection to work with proftpd, possibly others. | | File Size: | 6206 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | a9f62bd27c830d84b9d7d2c4665f6f2a |
|
| /// File Name: |
viperdb-0.9.3.tar.gz |
Description:
|
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
| | Author: | Peter Surda | | Homepage: | http://panorama.sth.ac.at/viperdb | | File Size: | 5997 | | Last Modified: | Feb 23 17:37:31 2001 |
| MD5 Checksum: | 2170734913963ac2e62e00288ba14cb9 |
|
| /// File Name: |
whowatch-1.0.5.tar.gz |
Description:
|
whowatch 1.0.5 - Whowatch is an ncurses who-like utility which displays informations about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (ie. telnet or ssh).
| | Author: | Michal Suszycki | | Changes: | Added ability to toggle display between processes and users' idle time, added 'local' type of login, better response for key pressing, and several bugfixes. | | File Size: | 5988 | | Last Modified: | Aug 16 20:02:41 1999 |
| MD5 Checksum: | 5e0e39d1e3d1ad8051abeb0b5d4a9ccc |
|
| /// File Name: |
bogon.c |
Description:
|
Remote promiscuous ethernet detector.
| | Author: | Richard W.M. Jones | | File Size: | 5968 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | 3187a25e1c0e0ef31a65ce3dde0f252a |
|
| /// File Name: |
gogmagog-1.tar.gz |
Description:
|
UNIX systems integrity monitor - highly configurable Bourne shell scripts that collect and analyze systems information, scanning for ANY irregularities or discrepancies. Designed with all major flavors of UNIX in mind.
| | Author: | C. Parisel | | File Size: | 5934 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 73a163942b986ae4d0d09d0dfd47410b |
|
| /// File Name: |
bgcheck-0.4.tar.gz |
Description:
|
bgcheck 0.4 - bgcheck is a process monitor for Linux written in perl that can be used by administrators to limit the number of background processes that each user can run.
| | Author: | blue | | Changes: | Fixed major problems handling ftp processes and added exception list for programs. | | File Size: | 5635 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | 914c853198372275c51a07f8ba80f883 |
|
| /// File Name: |
thor1.0.tar.gz |
Description:
|
thor.pl 1.0 - thor.pl keeps tabs on suid and sgid files on your file system. It also keeps track of the checksums of your binaries and the root accounts on the system as well as a few other things. It's a handy script that helps you find possible security risks, or breakins.
| | Author: | Jerry Kilpatrick | | File Size: | 5264 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | d25bf542ae37a2fadc15d28b5f92faab |
|
| /// File Name: |
clownids.tgz |
Description:
|
ClownIDS v1.0 verifies the md5 checksums of files and mails the admin and runs scripts when a problem is found.
| | Author: | Mimayin | | Homepage: | http://lsa.mine.nu | | File Size: | 5189 | | Last Modified: | Jul 5 20:30:27 2002 |
| MD5 Checksum: | 866ca32bbd6963b29101fa3e3a2a7889 |
|
| /// File Name: |
coderedwarn0_0b2.tar.gz |
Description:
|
Code Red Warn is a perl script which runs as a daemon and watches apache logs to notify you each time you are scanned with code red.
| | Author: | Jonathan Hayward | | Homepage: | http://JonathansCorner.com | | Changes: | The recipient list has been adjusted to be more SMTP-compliant. A suggested way to run without keeping bounce messages in queue has been provided. SMTP connections are tested on the remote host before sending, and the 404 on home page download has been fixed. | | File Size: | 5185 | | Last Modified: | Aug 11 17:09:52 2001 |
| MD5 Checksum: | 6fe77e9e6963429809eeb9bc90c79f54 |
|
| /// File Name: |
fupids.tgz |
Description:
|
fupids (the fuzzy userprofile intrusion detection system) is a user-profile based IDS for the OpenBSD kernel. It modifies certain syscalls in order to detect suspicious behavior. For example, it watches for network devices being set to promiscuous mode, and it watches for the creation of listen() sockets by users. fupids also handles a program profile for your local users, and it can find attackers who overtake existing accounts.
| | Author: | Steffen Wendzel | | Homepage: | http://www.wendzel.de/?sub=softw&ssub=fupids | | File Size: | 5177 | | Last Modified: | Dec 6 13:37:01 2003 |
| MD5 Checksum: | 791692e1f0a3ea124c366d0f6eeda08f |
|
| /// File Name: |
dirwatch101.c |
Description:
|
dirwatch101 monitors a directory and all the files in it for any changes, any files that have new data added to them, that data logged to a file.
| | Author: | ajax | | File Size: | 5072 | | Last Modified: | Aug 16 20:02:38 1999 |
| MD5 Checksum: | 169413ea791c3b169daba6b03e99bcea |
|
| /// File Name: |
slipwire |
Description:
|
slipwire.pl v1.1 is the first iteration of a filesystem integrity checker. It compares the MD5 hashes of files to an initial state and alerts the user of any changes.
| | Author: | James Quinby | | Homepage: | http://packet.node.to/ | | Changes: | The dependency on the md5 command has been removed by using the Digest:: modules for Perl, and SHA-1 hashes are now used instead of MD5. | | File Size: | 5025 | | Last Modified: | Feb 18 15:31:30 2000 |
| MD5 Checksum: | d32f3caea448249e2c4d223c90af5db7 |
|
| /// File Name: |
neped.c |
Description:
|
Network Promiscuous Ethernet Detector. neped scans your subnet and detects promiscuous linux boxes that might be running sniffers or similar applications, using hacked ARPs (non broadcast), only listened by promiscuous ethernets. The answer to hacked ARPs expose promiscuity (presume sniffer). Runs on Linux 2.x with GlibC or libc5.
| | Author: | Els Apostols | | File Size: | 5011 | | Last Modified: | Aug 16 20:02:28 1999 |
| MD5 Checksum: | c985154f4743b9b0ebd0c2c4d86fad65 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
