Section: .. / sniffers / snort /
| /// File Name: |
Spade-092200.1.tar.gz |
Description:
|
Spade stands for Statistical Packet Anomaly Detection Engine. It is a Snort preprocessor plugin to report and score unusual, possibly suspicious, packets. The anomaly score that is assigned is based on the observed history of the network. The fewer times that a particular kind of packet has occurred in the past, the higher its anomaly score will be. Based on the SPICE Whitepaper.
| | Author: | Jim Hoagland, Stuart Staniford | | Homepage: | http://www.silicondefense.com/spice | | File Size: | 67710 | | Last Modified: | Sep 30 21:33:13 2000 |
| MD5 Checksum: | f267f2e710d4c208d0810689f5900f86 |
|
| /// File Name: |
snort-0.99.tar.gz |
Description:
|
Snort v0.99 - packet logger - This program reads and parses packets from the link layer through the transport layer, dumping explicit header information along the way. Good logging capabilities, useful for IDS, debugging network code. It now supports rule-based logging and tracks conversations better, incorporates content-based logging and automatic rule sorting. 66k.
| | Author: | Martin Roesch. | | File Size: | 67442 | | Last Modified: | Aug 16 20:13:51 1999 |
| MD5 Checksum: | f1cc0a921c09f05e6a2c751d4b2e1ded |
|
| /// File Name: |
SnortSnarf-100400.1.tar.gz |
Description:
|
SnortSnarf is a Perl program to take files of alerts from the free Snort Intrusion Detection System, and produce HTML output intended for diagnostic inspection and tracking down problems. It uses a cron job to produce a daily/hourly/whatever file of snort alerts. This script can be run on each such file to produce a convenient HTML breakout of all the alerts.
| | Author: | Stuart Staniford | | Homepage: | http://www.silicondefense.com/snortsnarf | | Changes: | New CGI script to show an updated list of alerts as text, added www.snort.org port lookup links, improved wrapping on some browsers, and bug fixes. | | File Size: | 66524 | | Last Modified: | Oct 8 14:28:34 2000 |
| MD5 Checksum: | 9604cef4264c0ae9c8f883b9c00e4d6d |
|
| /// File Name: |
incident-2.9.tar.gz |
Description:
|
Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
| | Author: | Viraj Alankar | | Homepage: | http://www.bigfoot.com/~valankar/ | | Changes: | RIPE redirect stopped working due to arin result changing. Fixed. | | File Size: | 65331 | | Last Modified: | Nov 20 15:06:55 2005 |
| MD5 Checksum: | a294cb57de5f5dc3e63f3e100a8808aa |
|
| /// File Name: |
incident-2.3.tar.gz |
Description:
|
Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
| | Homepage: | http://www.cse.fau.edu/~valankar | | Changes: | When showing an excerpt of logs, the number of matching lines is now shown to express the severity of attack. A bug was also fixed that would consider certain FQDNs as IPs. | | File Size: | 65308 | | Last Modified: | Aug 30 01:15:46 2002 |
| MD5 Checksum: | 41d2385db00ec530293f43697d44b317 |
|
| /// File Name: |
incident-2.8.tar.gz |
Description:
|
Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
| | Author: | Viraj Alankar | | Homepage: | http://www.bigfoot.com/~valankar/ | | Changes: | Various bug fixes. | | File Size: | 65292 | | Last Modified: | Sep 4 15:11:00 2003 |
| MD5 Checksum: | 57cdf97dd8791ff46107e11288ba649e |
|
| /// File Name: |
incident-2.2.tar.gz |
Description:
|
Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
| | Homepage: | http://www.cse.fau.edu/~valankar | | Changes: | Whois.abuse.net is now queried for contacts. An option to not ignore 'Received:' lines in the input has been added. | | File Size: | 65137 | | Last Modified: | Jun 3 00:41:59 2002 |
| MD5 Checksum: | 867a342d88043e99772f83e07e968309 |
|
| /// File Name: |
incident-2.4.tar.gz |
Description:
|
Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
| | Homepage: | http://www.cse.fau.edu/~valankar | | Changes: | Incident entries reported from WHOIS servers such as RIPE now take priority over other email addresses listed in the same WHOIS output. | | File Size: | 64962 | | Last Modified: | Dec 29 05:11:53 2002 |
| MD5 Checksum: | 392c44d76299cc35cbe36e1c05ae1ce7 |
|
| /// File Name: |
SnortSnarf-090700.1.tar.gz |
Description:
|
Unavailable.
| | File Size: | 64762 | | Last Modified: | Sep 29 10:12:23 2000 |
| MD5 Checksum: | a9d016c23460eccf547612fad46479e7 |
|
| /// File Name: |
snort-0.98.tar.gz |
Description:
|
Snort v0.98 - packet logger - This program reads and parses packets from the link layer through the transport layer, dumping explicit header information along the way. Good logging capabilities, useful for IDS, debugging network code. It now supports rule-based logging and tracks conversations better.
| | Author: | Martin Roesch. | | File Size: | 63963 | | Last Modified: | Aug 16 20:13:51 1999 |
| MD5 Checksum: | d14b1b345b0ab2768449fbc45d096126 |
|
| /// File Name: |
incident-2.0.tar.gz |
Description:
|
Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
| | Homepage: | http://www.cse.fau.edu/~valankar | | Changes: | Switched back to WHOIS for IP lookups with a fallback to RWHOIS due to the fact that rwhois.arin.net is so often overloaded. | | File Size: | 63838 | | Last Modified: | Nov 14 02:47:41 2001 |
| MD5 Checksum: | ce37642303fc0713d5093e4ef9ac1588 |
|
| /// File Name: |
incident-1.8.tar.gz |
Description:
|
Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
| | Homepage: | http://www.cse.fau.edu/~valankar | | Changes: | RWHOIS is now being used for ARIN as well as domain lookups. Bugs have been fixed. | | File Size: | 60662 | | Last Modified: | Oct 18 02:17:44 2001 |
| MD5 Checksum: | 8a25ba34874ef5c871cd46ca14b95d2b |
|
| /// File Name: |
snortconf-0.2.1.tar.gz |
Description:
|
SnortConf is a tool that provides a fairly intuitive menu-based text interface for setting up the GPL IDS tool Snort. It also provides error and sanity checking on user input, and an online help facility.
| | Homepage: | http://www.xjack.org/snortconf | | File Size: | 60384 | | Last Modified: | Feb 26 23:34:12 2002 |
| MD5 Checksum: | 6583b3f44fd6dda4fd0558798df4d6a1 |
|
| /// File Name: |
oinkmaster-1.0.tar.gz |
Description:
|
Oinkmaster is a simple Perl script released under the BSD license to help update and manage Snort 2.0+ rules and to comment out the unwanted ones after each update. It will report what has changed since the last update, offering good change control.
| | Author: | Andreas Östling | | Homepage: | http://nitzer.dhs.org/oinkmaster/ | | Changes: | Feature enhancements, bug fixes, and many other improvements. | | File Size: | 59252 | | Last Modified: | May 17 23:12:11 2004 |
| MD5 Checksum: | 1140fb5484944691268579ca7fc83518 |
|
| /// File Name: |
incident-1.7.tar.gz |
Description:
|
Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
| | Homepage: | http://www.cse.fau.edu/~valankar | | Changes: | New AU whois servers added; changed: lines from whois are now ignored unless no other contacts are found. A few more whois server error messages are handled properly, and timeouts/retries for whois are now configurable. Some other minor bugfixes were also done. | | File Size: | 58273 | | Last Modified: | Oct 10 23:48:27 2001 |
| MD5 Checksum: | c095dc64bea5d14dff1d209878e5b66e |
|
| /// File Name: |
IDMEF-xml-plugin_0.1.tar.gz |
Description:
|
Intrusion Detection Message Exchange Format (IDMEF) XML output plugin for Snort - Produces IDMEF messages in response to events triggering Snort rules. It is configured in a standard Snort configuration file, and can run concurrently with existing Snort logging output.
| | Author: | Joe McAlerney | | Homepage: | http://www.silicondefense.com/idwg/snort-idmef | | File Size: | 57423 | | Last Modified: | Dec 15 17:52:10 2000 |
| MD5 Checksum: | 8a70dd0d26986bb8f7915e1f3d2935f7 |
|
| /// File Name: |
SnortSnarf-062000.1.tar.gz |
Description:
|
SnortSnarf is a Perl program to take files of alerts from the free Snort Intrusion Detection System, and produce HTML output intended for diagnostic inspection and tracking down problems. The model is that one is using a cron job or similar to produce a daily/hourly/whatever file of snort alerts. This script can be run on each such file to produce a convenient HTML breakout of all the alerts.
| | Author: | Stuart Staniford | | Homepage: | http://www.silicondefense.com/snortsnarf | | File Size: | 57272 | | Last Modified: | Jul 12 13:59:34 2000 |
| MD5 Checksum: | e76e23b9d9b77788d07c799729c120ed |
|
| /// File Name: |
snort-0.97.tar.gz |
Description:
|
Snort v0.97 - packet logger - This program reads and parses packets from the link layer through the transport layer, dumping explicit header information along the way. Good logging capabilities, useful for IDS, debugging network code.
| | Author: | Martin Roesch. | | File Size: | 55205 | | Last Modified: | Aug 16 20:13:51 1999 |
| MD5 Checksum: | 4ae1807b156b25c610822bba128f0b93 |
|
| /// File Name: |
snort-0.96.tar.gz |
Description:
|
Snort is a libpcap-based sniffer/packet logger. It's fairly portable and tested on Solaris 2.5.1 (Sparc), Solaris 2.6 (x86), Linux, and FreeBSD.
| | Author: | Martin Roesch. | | File Size: | 54662 | | Last Modified: | Aug 16 20:13:50 1999 |
| MD5 Checksum: | 838b7f7b9575fdbe68539190ad9bf3fd |
|
| /// File Name: |
oinkmaster-0.9.tar.gz |
Description:
|
Oinkmaster is a simple Perl script released under the BSD license to help update and manage Snort 2.0+ rules and to comment out the unwanted ones after each update. It will report what has changed since the last update, offering good change control.
| | Author: | Andreas Östling | | Homepage: | http://nitzer.dhs.org/oinkmaster/ | | Changes: | Bug fixes. | | File Size: | 38511 | | Last Modified: | Dec 3 15:51:01 2003 |
| MD5 Checksum: | 8ed30c07f2ef5c977e1201a014bf9c5c |
|
| /// File Name: |
SnortSnmpMod-2.2.0-01.tgz |
Description:
|
The snortSnmpPlugin enables snort to send SNMP alerts to network management systems (NMS). The alerts can be traps (the alert will not be acknowledged by the receiver) or informs (the alert will be acknowledged by the receiver). This is version 2.2.0-01.
| | Homepage: | http://www.cysol.co.jp/contrib/snortsnmp/ | | File Size: | 36609 | | Last Modified: | Oct 24 16:34:27 2004 |
| MD5 Checksum: | 816193a428dfa0950be161e1e9729fe7 |
|
| /// File Name: |
oinkmaster-0.8.tar.gz |
Description:
|
Oinkmaster is a simple Perl script released under the BSD license to help update and manage Snort 2.0+ rules and to comment out the unwanted ones after each update. It will report what has changed since the last update, offering good change control.
| | Author: | Andreas Östling | | Homepage: | http://nitzer.dhs.org/oinkmaster/ | | File Size: | 31725 | | Last Modified: | Sep 3 23:28:07 2003 |
| MD5 Checksum: | e888fb4d76c78c16e205984675fea78f |
|