Section: .. / UNIX / IDS /
| /// File Name: |
nng-4.13r-public.rar |
Description:
|
NNG is a tool that creates crafted packets to cause MS02-039 false-positives against IPS/IDS. NNG does not take the approach used by Snot and Stick, where the main goal is DoSing the IPS. Instead, NNG tries to make the IPS/IDS "numbed" enough that a real attack leaks through.
| | Author: | Nelson Brito | | File Size: | 616879 | | Last Modified: | Sep 17 00:00:17 2008 |
| MD5 Checksum: | 941a9a2a2f328b73989165de822527df |
|
| /// File Name: |
nocol-4.2.1.tar.gz |
Description:
|
NOCOL (Network Operation Center On-Line)/SNIPS is system and network monitoring software that runs on Unix systems and can poll network and system devices. It is capable of monitoring nameservers, web ports, host performance, syslogs, radius servers, BGP peers, etc. New monitors can be added easily (via a C or Perl API).
| | Author: | Netplex Technologies | | File Size: | 574917 | | Last Modified: | Aug 16 20:02:17 1999 |
| MD5 Checksum: | 58cd21604c50ea353385fb55a4904beb |
|
| /// File Name: |
nodewatch-1.6.tar.gz |
Description:
|
NodeWatch is an open source TCP/IP network monitoring tool written in Perl for UNIX.
| | File Size: | 41583 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | d8c67cc9a35db752fa3233130a4e3fee |
|
| /// File Name: |
nwho-0.1.0.tar.gz |
Description:
|
nwho is an integrated rwho with a GUI to help monitor who is logged in and verify that they are who they should be.
| | Author: | James Wilson | | File Size: | 454232 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | 2f294f7613c8d4b13cb3f64241e2c5b2 |
|
| /// File Name: |
openports-0.2.tar.gz |
Description:
|
OpenPorts is a simple script which can be run as a cron job every 5 minutes, checking the open and listening ports on the local system with netstat. If there is a difference since the last time it was run, an e-mail is sent to the system administrator containing the list of new open ports.
| | Author: | Sven Darkman Michaels | | Changes: | Better log analysis, and printing of only the changes. | | File Size: | 2263 | | Last Modified: | Oct 15 18:38:15 2000 |
| MD5 Checksum: | 76384d12f67d37cb17e9d0088d2ee771 |
|
| /// File Name: |
overcr-1.49.01.tar.gz |
Description:
|
OverCR 1.49.01 - OverCR is a simple system monitoring tool that utilizes a simple language for queries. It is designed as a GPL'd program similar to the popular (and non-GPL) Big Brother Monitoring system.
| | Author: | Eric Molitor | | Changes: | First 1.50 beta featuring new config file based configuration. "System Monitoring is an important and expensive task. Fortunately free tools such as Big Brother have become available. Unfortunately these tools are not free in the GNU sense. In addition the shell script format of Big Brother leaves something to be desired in my opinion. Therefore I've started writing Over-CR, a GPL Network Monitoring software."--Eric Molitor | | File Size: | 12948 | | Last Modified: | Aug 16 20:02:41 1999 |
| MD5 Checksum: | a68cee6f17be4e0806ee23797f112899 |
|
| /// File Name: |
overcr-1.49.02.tar.gz |
Description:
|
OverCR 1.49.02 - OverCR is a remote systems monitoring tool that utilizes a simple language for queries. It is designed as a GPL'd program similar to the popular (and non-GPL) Big Brother Monitoring system.
| | Author: | Eric Molitor | | Changes: | Configuration file support completed, minor documentation fixes, minor cleaning and formatting of source. | | File Size: | 13185 | | Last Modified: | Aug 16 20:02:42 1999 |
| MD5 Checksum: | 6ae461e9e01a97b6e47695f87462fd1b |
|
| /// File Name: |
pads-1.1.1.tar.gz |
Description:
|
Pads is a signature based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
| | Author: | Matt Shelton | | Homepage: | http://passive.sourceforge.net/ | | Changes: | Fixed a stack overflow. | | File Size: | 557311 | | Last Modified: | Aug 18 23:06:46 2004 |
| MD5 Checksum: | c30af9321d9d442586522e8d0dcf01c4 |
|
| /// File Name: |
pads-1.1.2.tar.gz |
Description:
|
Pads is a signature based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
| | Author: | Matt Shelton | | Homepage: | http://passive.sourceforge.net/ | | Changes: | Bug fixes. Code optimization. New signatures. | | File Size: | 559111 | | Last Modified: | Sep 8 18:11:09 2004 |
| MD5 Checksum: | 8eb71f3fa800e5ace5d51fe907d0901f |
|
| /// File Name: |
pads-1.1.3.tar.gz |
Description:
|
Pads is a signature based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
| | Author: | Matt Shelton | | Homepage: | http://passive.sourceforge.net/ | | Changes: | MAC Address Vendor Resolution, PADS will now attempt to resolve the vendor name of a MAC address, bug fixes. | | File Size: | 628536 | | Last Modified: | Oct 7 00:47:34 2004 |
| MD5 Checksum: | 659063d820ebea77f64aaab28df7e806 |
|
| /// File Name: |
pads-1.1.tar.gz |
Description:
|
Pads is a signature based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
| | Author: | Matt Shelton | | Homepage: | http://passive.sourceforge.net/ | | File Size: | 557605 | | Last Modified: | Aug 16 00:04:54 2004 |
| MD5 Checksum: | 47dbccdf65b5571661984f2ac97bc5af |
|
| /// File Name: |
pakemon-0.3.0.tar.gz |
Description:
|
pakemon has been developed to share IDS components based on the open source model. The current version of pakemon monitors all traffic on a network, searches for given data patterns in the traffic, and outputs session logs and summary logs of matched traffic. Tested on RedHat Linux 6.2j, OpenBSD 2.7, FreeBSD 3.3, and NetBSD 1.4.
| | Homepage: | http://www.sfc.keio.ac.jp/~keiji/ids/pakemon | | File Size: | 109148 | | Last Modified: | Nov 29 04:07:36 2000 |
| MD5 Checksum: | 27e99d6a8e76d6b18741e19625018f6c |
|
| /// File Name: |
pakemon-0.3.0b4-2.tar.gz |
Description:
|
pakemon has been developed to share IDS components based on the open source model. The current version of pakemon monitors all traffic on a network, searches for given data patterns in the traffic, and outputs session logs and summary logs of matched traffic.
| | Homepage: | http://www.sfc.keio.ac.jp/~keiji/ids/pakemon | | File Size: | 108519 | | Last Modified: | Oct 29 01:52:56 2000 |
| MD5 Checksum: | 3e99f29f9e8c6084bde9857991b4a1a6 |
|
| /// File Name: |
passfing.tar.gz |
Description:
|
A Perl script that passively fingerprints OSes based on signatures.
| | Author: | Craig Smith | | File Size: | 9861 | | Last Modified: | May 16 17:25:04 2000 |
| MD5 Checksum: | 6021a9992e1d522783d586f3b60780f5 |
|
| /// File Name: |
petrovich-1.0.0.tar.gz |
Description:
|
Petrovich is a GPLed filesystem integrity checker similar to Tripwire. It is written in Perl using standard Perl modules available from www.cpan.org. It currently supports Base64 MD2, MD5, and SHA1 hashes. Petrovich has been tested on Windows 2000, OpenBSD 2.6 - 2.8, and RedHat Linux 7.1.
| | Author: | T. Kinch | | Homepage: | http://sourceforge.net/projects/petrovich | | File Size: | 17844 | | Last Modified: | Jul 21 00:13:00 2001 |
| MD5 Checksum: | a5657c6af0796b8738dc0b07563ba464 |
|
| /// File Name: |
pmids-1.3.tgz |
Description:
|
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set up your cron job) security audit, containing details of what it found.
| | Author: | Redox | | Homepage: | http://www.darkie.net/modules.php?op=modload&name=Downloads&file=index&req=viewdownloaddetails&lid=22&ttitle=Poor_Man's_IDS | | Changes: | New self-check portion, a new ability to pull signatures from a remote location (default is the author's Web site, and you must have wget for this feature to work). | | File Size: | 3127 | | Last Modified: | Jun 12 23:13:49 2002 |
| MD5 Checksum: | 6bc9015ccff5dd993e1b7d4549c80f2a |
|
| /// File Name: |
pmids-1.5.tar.gz |
Description:
|
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set up your cron job) security audit, containing details of what it found.
| | Author: | Redox | | Homepage: | http://autosec.sourceforge.net | | Changes: | Bug fixes and some cool improvements. | | File Size: | 14746 | | Last Modified: | Aug 30 01:58:32 2002 |
| MD5 Checksum: | bd319ae6afaabd837ee24d4c0c4fa04d |
|
| /// File Name: |
pmids-1.6.tar.gz |
Description:
|
Poor Mans IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Rather than only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set up your cron job) security audit, containing details of what it found.
| | Author: | Redox | | Homepage: | http://autosec.sourceforge.net | | Changes: | A GPG bug and grabbing of md5 sigs from the website have been repaired. | | File Size: | 15177 | | Last Modified: | Oct 1 00:28:27 2002 |
| MD5 Checksum: | fccdd4b8ac766c1fe16c97e4125afb0f |
|
| /// File Name: |
portmap_4.tar.gz |
Description:
|
Replacement portmapper with access control. Makes it somewhat harder to attack your RPC daemons, for example to steal YP password maps or NFS file handles. Must be linked against a library produced with a recent tcp wrapper release (see above). Tested with SunOS 4.1.x. Also supports HP-UX 9.0, AIX 3.x (bsdcc compiler with -D_SUN), AIX 4.x and Digital UNIX (OSF/1). If you run SunOS 4, the securelib library (see above) is better because it can also cope with direct attacks on your RPC daemons (i.e. attacks without assistance from portmap).
| | File Size: | 16152 | | Last Modified: | Aug 16 20:02:14 1999 |
| MD5 Checksum: | a6aa06035dbaaac1103fcd87c18b3a5b |
|
| /// File Name: |
portmap_5beta.tar.gz |
Description:
|
See above.
| | File Size: | 18702 | | Last Modified: | Aug 16 20:02:14 1999 |
| MD5 Checksum: | 781e16ed4487c4caa082c6fef09ead4f |
|
| /// File Name: |
portsentry-0.61.tar.gz |
Description:
|
PortSentry v0.61beta is part of the Abacus Project suite of security tools. It is a program designed to detect and respond to port scans against a target host in real-time. There are other port scan detectors that perform similar detection of scans, but PortSentry has some unique features that may make it worth looking into: Runs on TCP and UDP sockets to detect port scans against your system. PortSentry is configurable to run on multiple sockets at the same time so you only need to start one copy to cover dozens of tripwired services. Stealth scan detection (Linux only right now). PortSentry will now detect SYN/half-open, FIN, NULL, X-MAS and oddball packet stealth scans. Four new stealth scan operation modes have been added to greatly increase the power of this package. PortSentry will react to a port scan attempt by blocking the host in real-time. This is done through configured options of either dropping the local route back to the attacker, using the Linux ipfwadm command, *BSD ipfw command, and/or dropping the attacker host IP into a TCP Wrappers hosts.deny file automatically. PortSentry has an internal state engine to remember hosts that connected previously. This allows the setting of a trigger value to prevent false alarms and detect "random" port probing. PortSentry will report all violations to the local or remote syslog daemons indicating the system name, time of attack, attacking host IP and the TCP or UDP port a connection attempt was made to. When used in conjunction with Logcheck it will provide an alert to administrators through e-mail.
| | Author: | Craig H. Rowland | | File Size: | 34968 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | 57bf7e0caf99188018ef1ab6131faf4b |
|
| /// File Name: |
portsentry-0.90.tar.gz |
Description:
|
PortSentry 0.90 - PortSentry is part of the Abacus Project suite of security tools. It is a program designed to detect and respond to port scans against a target host in real-time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time blocking and reporting of violations.
| | Author: | Craig Rowland | | Changes: | Renamed from Abacus Sentry to PortSentry, lots of internal code clean up and optimizations, Docs updated and it now works under Solaris, Linux, BSD variants and others. portsentry.sample.txt. | | File Size: | 37936 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | 80eead64b3d6efb10748b80ecec0f54a |
|
| /// File Name: |
portsentry-1.0.tar.gz |
Description:
|
PortSentry is part of the Abacus Project suite of security tools. It is a program designed to detect and respond to port scans against a target host in real-time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time blocking and reporting of violations.
| | Author: | Craig Rowland | | Homepage: | http://www.psionic.com/abacus/portsentry/ | | Changes: | Correct ignoring of hosts, and a Y2K fix for log file output, using a four-digit year. This doesn't affect PortSentry, but may affect programs that look at the log files it generates. | | File Size: | 43034 | | Last Modified: | Dec 2 14:59:02 1999 |
| MD5 Checksum: | d2d29e614f1604bd62a23e33d7a7564f |
|
| /// File Name: |
portsentry-1.1.tar.gz |
Description:
|
PortSentry is a program designed to detect and respond to port scans against a target host in real-time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time alerting, blocking, and reporting of violations.
| | Author: | Craig Rowland | | Homepage: | http://www.psionic.com/abacus/portsentry/ | | Changes: | Added netmask ignoring support, a toggle for DNS lookups, and can prioritize response/external commands. The Linux 2.4 CPU usage bug has been fixed. | | File Size: | 45871 | | Last Modified: | Jul 17 16:40:36 2001 |
| MD5 Checksum: | 782839446b7eca554bb1880ef0882670 |
|
| /// File Name: |
portsentry.sample.txt |
Description:
|
Unavailable.
| | File Size: | 3154 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | 6ecd6e85e507606a05d23cec2d3686c8 |
|