Section: .. / papers / IDS /
| /// File Name: |
scan.txt |
Description:
|
Lance Spitzner's investigation of some mystery packets - contains some good insight by many people in the security field attempting to identify which tool created the packets.
| | Author: | Lance Spitzner | | Homepage: | http://www.enteract.com/~lspitz/papers.html | | File Size: | 6147 | | Last Modified: | May 27 00:05:44 2000 |
| MD5 Checksum: | a87a4b4940160dc75d39ebcd278bcd54 |
|
| /// File Name: |
scanners.txt |
Description:
|
The top commercial vulnerability scanners have little to no security surrounding their licensing, making them excellent script kiddie tools. These scanners are actively being used by the underground against targets. By Simple Nomad.
| | File Size: | 18549 | | Last Modified: | Oct 4 20:59:34 1999 |
| MD5 Checksum: | c8d2b8ab2e0b85628655d91e9a20c3a0 |
|
| /// File Name: |
snort4-latest.pdf |
Description:
|
Building an Intrusion Detection System Using Snort - Covers installing RedHat Linux 7.1, compiling, installing and configuring MySQL/Apache/ACID/Snort, setting up Snort rules, and hardening the machine.
| | Author: | Aidan Carty | | Homepage: | http://www.entropy.ie/ | | File Size: | 1069097 | | Last Modified: | Apr 25 07:53:47 2002 |
| MD5 Checksum: | 76ba61fd4ec82916de4b1b4bf0e145ca |
|
| /// File Name: |
snort_rules.htm |
Description:
|
Unavailable.
| | File Size: | 29082 | | Last Modified: | Jan 26 02:30:09 2000 |
| MD5 Checksum: | 2156f2457b59c2d034368eeac5bab0dc |
|
| /// File Name: |
SNORTRAN-wp.pdf |
Description:
|
SNORTRAN: An Optimizing Compiler for Snort Rules White Paper. SNORTRAN is an optimizing compiler for intrusion detection rules popularized by the open-source Snort IDS. While Snort and Snort-like rules are usually thought of as a list of independent patterns to be tested in a sequential order, we demonstrate that common compilation techniques are directly applicable to Snort rule sets and are able to produce high-performance matching engines. SNORTRAN combines several compilation techniques, including cost-optimized decision trees, pattern matching precompilation, and string set clustering. Although all these techniques have been used before in other domain-specific languages, we believe their synthesis in SNORTRAN is original and unique.
| | Author: | Sergei Egorov, Gene Savchuk | | Homepage: | http://www.fidelissec.com | | File Size: | 253505 | | Last Modified: | Oct 10 04:33:14 2002 |
| MD5 Checksum: | 42d0c6a71e0806cdd8fe41063e4e05bd |
|
| /// File Name: |
spice-ccs2000.pdf |
Description:
|
SPICE Whitepaper - The Stealthy Portscan and Intrusion Correlation Engine is a project at Silicon Defense to detect portscans, even those in which the attacker has attempted to make the scan stealthy. For example, they may have slowed down the scan or randomized it. The basic idea with SPICE is to monitor a network's packets. Each packet is assigned an anomaly score based on the normal traffic observed on the network. The higher the score, the more unusual and possibly suspicious the packet is. These are then passed to a correlator which groups related packets together and reports portscans. The correlator is under active development but an implementation of the anomaly sensor called SPADE has been released.
| | Author: | James Hoagland | | Homepage: | http://www.silicondefense.com/spice | | File Size: | 249618 | | Last Modified: | Oct 1 03:26:38 2000 |
| MD5 Checksum: | 0ccbe965d6f28833ef8441bbe22c4ab4 |
|
| /// File Name: |
statrept.ps |
Description:
|
The NIDES Statistical Component: Description and Justification
| | File Size: | 482844 | | Last Modified: | Oct 1 23:22:47 1999 |
| MD5 Checksum: | 99c56e4050b4c219bcb9cec727720f79 |
|
| /// File Name: |
survey.ps |
Description:
|
Automated Audit Trail Analysis and Intrusion Detection: A Survey
| | File Size: | 198401 | | Last Modified: | Oct 1 23:22:47 1999 |
| MD5 Checksum: | 173e5f82347151c3874381260f540a64 |
|
| /// File Name: |
switched.htm |
Description:
|
FAQ on implementing a Network Based IDS in a heavily switched environment.
| | Author: | Scott | | Homepage: | http://www.sans.org | | File Size: | 6574 | | Last Modified: | Feb 18 18:43:16 2000 |
| MD5 Checksum: | d7d52f2f801854f18c04f2f8df42e47c |
|
| /// File Name: |
t0rn.txt |
Description:
|
How to detect the t0rn rootkit - Includes detection methods, md5sums, pathnames, and TCP port numbers.
| | Author: | Toby Miller | | Homepage: | http://www.securityfocus.com | | File Size: | 9985 | | Last Modified: | Dec 4 06:16:25 2000 |
| MD5 Checksum: | aa9dd40ccf8e124ef33f32e1f63c19c8 |
|
| /// File Name: |
unspoofing.txt |
Description:
|
The Art of Unspoofing - Describes several methods to track down denial of service attacks and includes a patch for Bind v8.3.3 and 4.9.9 which adds logging of external queries regarding domains the nameserver is authoritative for.
| | Author: | Sean Trifero, Brian Knox | | Homepage: | http://www.innu.org/~sean | | File Size: | 7679 | | Last Modified: | Sep 17 05:31:20 2002 |
| MD5 Checksum: | 87f2e5f7f9fb0f15027b7ab29a34b67e |
|
| /// File Name: |
whiskerids.html |
Description:
|
A look at whisker's anti-IDS tactics. Anti-Intrusion Detection System (IDS) tactics were one of the original key features of my whisker web scanner. The goal of any anti-IDS tactic is to mutate a request so much that the ID systems will get confused, but the web server will still be able to understand it, hence the subtitle "just how bad can we ruin a good thing?".
| | Author: | Rain Forrest Puppy | | Homepage: | http://www.wiretrip.net | | File Size: | 25225 | | Last Modified: | Jan 2 03:58:28 2000 |
| MD5 Checksum: | 6e9e8b5619afc566d44fa31da9f45b34 |
|