Section: .. / UNIX / IDS /
| /// File Name: |
firestorm-0.5.4.tar.gz |
Description:
|
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor but there are plans are to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Various bug fixes and feature enhancements. | | File Size: | 545830 | | Last Modified: | Sep 12 15:22:00 2003 |
| MD5 Checksum: | 584dc6b86b29956f66fe8a7adf39a41b |
|
| /// File Name: |
flister.zip |
Description:
|
FLISTER is a proof-of-concept code for detecting files hidden by both usermode and kernelmode Windows rootkits. It exploits the bugs in handling ZwQueryDirectoryFile() calls with ReturnSingleEntry set to TRUE. Flister works on Windows 2000, XP and 2003.
| | Author: | joanna | | Homepage: | http://www.invisiblethings.org | | File Size: | 16083 | | Last Modified: | Feb 24 06:01:37 2005 |
| MD5 Checksum: | e54c133c50a5b1a45c482def06ac83e8 |
|
| /// File Name: |
fragrouter-1.6.tar.gz |
Description:
|
Fragrouter v1.6 - Fragrouter is aimed at testing the correctness of a NIDS, according to the specific TCP/IP attacks listed in the Secure Networks NIDS evasion paper. Other NIDS evasion toolkits which implement these attacks are in circulation among hackers or publically available, and it is assumed that they are currently being used to bypass NIDSs.
| | File Size: | 277726 | | Last Modified: | Sep 23 01:36:37 1999 |
| MD5 Checksum: | 73fdc73f8da0b41b995420ded00533cc |
|
| /// File Name: |
fupids.tgz |
Description:
|
fupids (the fuzzy userprofile intrusion detection system) is a user-profile based IDS for the OpenBSD kernel. It modifies certain syscalls in order to detect suspicious behavior. For example, it watches for network devices being set to promiscuous mode, and it watches for the creation of listen() sockets by users. fupids also handles a program profile for your local users, and it can find attackers who overtake existing accounts.
| | Author: | Steffen Wendzel | | Homepage: | http://www.wendzel.de/?sub=softw&ssub=fupids | | File Size: | 5177 | | Last Modified: | Dec 6 13:37:01 2003 |
| MD5 Checksum: | 791692e1f0a3ea124c366d0f6eeda08f |
|
| /// File Name: |
fupids2-0.8.5.tgz |
Description:
|
fupids2 is a so-called human oriented IDS based on the FUPIDS project. fupids2 calculates an attacker level for every user on all Unix/Linux/BSD systems in the network. It looks at the behavior of the user (the programs the user uses, the daytime the user is active, the building and room the user uses, the part of the room in which the user sits, and so on) and reports if the user engages in behavior that is unusual for that person. This method can often detect accounts overtaken by attackers.
| | Author: | Steffen Wendzel | | Homepage: | http://www.doomed-reality.org/site/projekte/fupids2/index.html | | File Size: | 36594 | | Last Modified: | Feb 16 13:33:12 2006 |
| MD5 Checksum: | 99b34dafee4ef81a3ec9b008071a12b8 |
|
| /// File Name: |
gabriel-1.0.tar.Z |
Description:
|
SATAN detector.
| | File Size: | 86419 | | Last Modified: | Aug 16 20:02:28 1999 |
| MD5 Checksum: | d4b1205ee573cd72404df8ba2d0587f6 |
|
| /// File Name: |
garuda-0.1.0.tgz |
Description:
|
Garuda is a wireless intrusion detection system (WIDS). It has been designed for detecting war drivers, rogue APs, denial of service attacks, and even MAC spoofing. Rule-based detection, statistics, and enumeration modules included.
| | Author: | Seunghyun Seo | | Homepage: | http://garuda.sourceforge.net | | File Size: | 55702 | | Last Modified: | Jun 7 23:57:19 2004 |
| MD5 Checksum: | 041a387fe921681021f1e02a2633c370 |
|
| /// File Name: |
Gbs.c |
Description:
|
Grazer1's Bait System opens a specific port and logs connections to it. Simple and ghetto way to log Netbus requests.
| | Author: | W. ter Maat | | File Size: | 2599 | | Last Modified: | Feb 22 18:40:58 2000 |
| MD5 Checksum: | eb7bffeff5bf8f893bbeb14cdb2f2649 |
|
| /// File Name: |
getstatd-1.1.981014.tar.gz |
Description:
|
Allows users to watch their accounting statistics and admins to watch general users statistics, terminal lines and other system wide statistics for any period of time.
| | Author: | Maxim Chirkov | | File Size: | 63031 | | Last Modified: | Aug 16 20:02:27 1999 |
| MD5 Checksum: | 1cf958fd87f98f6ffe9fa666266bb2a1 |
|
| /// File Name: |
gnetsentry-0.0.0.tgz |
Description:
|
Network sentry.
| | File Size: | 349598 | | Last Modified: | Aug 16 20:02:27 1999 |
| MD5 Checksum: | 204099530bda6eb01a5713bc089647a7 |
|
| /// File Name: |
gogmagog-1.tar.gz |
Description:
|
UNIX systems integrity monitor - highly configurable Bourne shell scripts that collect and analyze systems information, scanning for ANY irregularities or discrepancies. Designed with all major flavors of UNIX in mind.
| | Author: | C. Parisel | | File Size: | 5934 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 73a163942b986ae4d0d09d0dfd47410b |
|
| /// File Name: |
gogmagog-2.1.tar.gz |
Description:
|
Unix systems integrity monitor used to ensure core resources are left unaltered on a given host. gogmagog is composed of highly configurable Bourne shell scripts that collect and analyze systems information, scanning for ANY irregularities or discrepancies. Designed with all major flavors of UNIX in mind. This version has a GogView GUI that makes it much easier to monitor multiple hosts.
| | Author: | C. Parisel | | File Size: | 12867 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | 16127b758ce2654bbf7ab501f1e7679b |
|
| /// File Name: |
gogmagog-2.tar.gz |
Description:
|
Unix systems integrity monitor used to ensure core resources are left unaltered on a given host. gogmagog is composed of highly configurable Bourne shell scripts that collect and analyze systems information, scanning for ANY irregularities or discrepancies. Designed with all major flavors of UNIX in mind. This version has a GogView GUI that makes it much easier to monitor multiple hosts.
| | Author: | C. Parisel | | File Size: | 12342 | | Last Modified: | Aug 16 20:02:33 1999 |
| MD5 Checksum: | 928bfc3edd38b1e18d4863a7e36d8cbe |
|
| /// File Name: |
gogmagog-3.tar.gz |
Description:
|
GogMagog is a multiplatform sysadmin tool for monitoring the integrity of network-wide systems. Communication between the Magog server (ideally a PC running Linux) and the Gog hosts relies on FTP only, so it is pretty network architecture independant. Sysadmins monitor their machines at a glance, through a very simple WWW graphical interface on the server.
| | Author: | C.Parisel | | File Size: | 13936 | | Last Modified: | Aug 16 20:02:42 1999 |
| MD5 Checksum: | 8ef23b61a15ccdbe831cb688278deedd |
|
| /// File Name: |
gogmagog-4.tar.gz |
Description:
|
gogmagog 4 - GogMagog is a multiplatform sysadmin tool for monitoring the integrity of networkwide systems. Communication between the Magog server (ideally a PC running Linux) and the Gog hosts relies on FTP only, so it is relatively network architecture independent. Sysadmins monitor their machines at a glance, through a very simple WWW graphical interface (named GogView) on the server. GogMagog works on Linux, AIX, HP-UX and Solaris.
| | Author: | C. Parisel | | Changes: | encrypted profiles, security improvements. | | File Size: | 31625 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 973b264138f4cc0f732242cd96f7d54c |
|
| /// File Name: |
grundschober_1998.letter.ps.gz |
Description:
|
Sniffer Detector Report, Diploma Thesis, June 1998.
| | Author: | Stephane Grundschober | | File Size: | 242029 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | 5ac207af8e5c5de735b4ae595fbbc7ca |
|
| /// File Name: |
guard26.tar.gz |
Description:
|
This linux tool is more an early warning system than IDS. it scans system logs for signs of intrusion in real time. produces colored output on the tty, sends alerts and regular reports. Excellent database of suspicious logfile strings included.
| | Homepage: | http://www.penguin.cz/%7Eondrej/guard/ | | File Size: | 16161 | | Last Modified: | Dec 11 02:45:26 1999 |
| MD5 Checksum: | ffafa344ed46803c723b3aecc1ed66f3 |
|
| /// File Name: |
hlbr-0.2.tar.gz |
Description:
|
HLBR is an IPS (Intrusion Prevention System) that works directly at the layer 2 of the OSI model staying invisible from layer 3.
| | Author: | Joao Eriberto Mota Filho,Andre Bertelli Araujo | | Homepage: | http://hlbr.sourceforge.net | | File Size: | 194744 | | Last Modified: | Feb 14 00:05:18 2006 |
| MD5 Checksum: | 5f48b9d7ef29b33c5ee95e843dfc15b0 |
|
| /// File Name: |
hlbr-1.0.tar.gz |
Description:
|
HLBR is an IPS (Intrusion Prevention System) that works directly at the layer 2 of the OSI model staying invisible from layer 3.
| | Author: | Joao Eriberto Mota Filho,Andre Bertelli Araujo | | Homepage: | http://hlbr.sourceforge.net | | Changes: | Version 1.0 now can detect malicious traffic using regular expressions. | | File Size: | 193460 | | Last Modified: | Mar 8 00:33:49 2006 |
| MD5 Checksum: | b0739e53c26fa5bb40e34764bd102b46 |
|
| /// File Name: |
honeyclient-1.0.2.tar.gz |
Description:
|
A 'honeypot' is designed to detect server-side attacks. In contrast, a 'honeyclient' is designed to detect client-side attacks. Specifically, a honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner (by compromising the client). Honeyclients can proactively detect exploits against client applications without known signatures. This framework uses a client-server model with SOAP messaging as the primary communication method, and uses the free version of VMware Server as a means of virtualizing the client environment.
| | Author: | MITRE Honeyclient Project | | Homepage: | http://www.honeyclient.org/trac | | File Size: | 22264167 | | Last Modified: | Mar 12 17:52:30 2008 |
| MD5 Checksum: | 4bda6d726ea764bca41ebe69e5df0b14 |
|
| /// File Name: |
honeyd-0.3.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Included UDP support (including proxying), and many bugfixes. | | File Size: | 135998 | | Last Modified: | Jul 31 03:08:32 2002 |
| MD5 Checksum: | 027c507bb165bea70403309e4445c601 |
|
| /// File Name: |
honeyd-0.5.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Bug fixes and improvements. | | File Size: | 272149 | | Last Modified: | Apr 15 04:29:12 2003 |
| MD5 Checksum: | 3aec5101f44ef21b29c213496d92c1c1 |
|
| /// File Name: |
honeyd-0.6.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | This release includes faster routing lookups, asymmetric routing, GRE tunneling, plugins and configuration systems, integration of physical machines into the virtual routing topology for network simulation, performance improvements, and several bugfixes. | | File Size: | 365913 | | Last Modified: | Jun 24 02:10:02 2003 |
| MD5 Checksum: | 20cc97bee4188ccad9831292bbdb885c |
|
| /// File Name: |
honeyd-0.7.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Includes a whole bunch of new features, including dynamic templates that allow the honeypots to adapt based on the operating system and source IP addresses of the adversary, passive fingerprinting that allows the identification of the remote host, a tarpit to slow down spammers, and many bugfixes. | | File Size: | 416592 | | Last Modified: | Nov 24 15:22:34 2003 |
| MD5 Checksum: | d05e112d513d0a1ce7b39cded9b0aba5 |
|
| /// File Name: |
honeyd-0.7a.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Bug fixes. | | File Size: | 416763 | | Last Modified: | Jan 4 06:14:19 2004 |
| MD5 Checksum: | 04ae109952d274aba4c0ab398e213ef2 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
