Section: .. / UNIX / IDS /
| /// File Name: |
gabriel-1.0.tar.Z |
Description:
|
SATAN detector.
| | File Size: | 86419 | | Last Modified: | Aug 16 20:02:28 1999 |
| MD5 Checksum: | d4b1205ee573cd72404df8ba2d0587f6 |
|
| /// File Name: |
garuda-0.1.0.tgz |
Description:
|
Garuda is a wireless intrusion detection system (WIDS). It has been designed for detecting war drivers, rogue APs, denial of service attacks, and even MAC spoofing. Rule-based detection, statistics, and enumeration modules included.
| | Author: | Seunghyun Seo | | Homepage: | http://garuda.sourceforge.net | | File Size: | 55702 | | Last Modified: | Jun 7 23:57:19 2004 |
| MD5 Checksum: | 041a387fe921681021f1e02a2633c370 |
|
| /// File Name: |
Gbs.c |
Description:
|
Grazer1's Bait System opens a specific port and logs connections to it. Simple and ghetto way to log Netbus requests.
| | Author: | W. ter Maat | | File Size: | 2599 | | Last Modified: | Feb 22 18:40:58 2000 |
| MD5 Checksum: | eb7bffeff5bf8f893bbeb14cdb2f2649 |
|
| /// File Name: |
getstatd-1.1.981014.tar.gz |
Description:
|
Allows users to watch their accounting statistics and admins to watch general user statistics, terminal lines and other system-wide statistics for any period of time.
| | Author: | Maxim Chirkov. | | File Size: | 63031 | | Last Modified: | Aug 16 20:02:27 1999 |
| MD5 Checksum: | 1cf958fd87f98f6ffe9fa666266bb2a1 |
|
| /// File Name: |
gnetsentry-0.0.0.tgz |
Description:
|
Network sentry.
| | File Size: | 349598 | | Last Modified: | Aug 16 20:02:27 1999 |
| MD5 Checksum: | 204099530bda6eb01a5713bc089647a7 |
|
| /// File Name: |
gogmagog-1.tar.gz |
Description:
|
UNIX systems integrity monitor - highly configurable Bourne shell scripts that collect and analyze systems information, scanning for ANY irregularities or discrepancies. Designed with all major flavors of UNIX in mind.
| | Author: | cparisel[at]hotmail.com. | | File Size: | 5934 | | Last Modified: | Aug 16 20:02:32 1999 |
| MD5 Checksum: | 73a163942b986ae4d0d09d0dfd47410b |
|
| /// File Name: |
gogmagog-2.1.tar.gz |
Description:
|
Unix systems integrity monitor used to ensure core resources are left unaltered on a given host. gogmagog is composed of highly configurable Bourne shell scripts that collect and analyze systems information, scanning for ANY irregularities or discrepancies. Designed with all major flavors of UNIX in mind. This version has a GogView GUI that makes it much easier to monitor multiple hosts.
| | Author: | C. Parisel. | | File Size: | 12867 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | 16127b758ce2654bbf7ab501f1e7679b |
|
| /// File Name: |
gogmagog-2.tar.gz |
Description:
|
Unix systems integrity monitor used to ensure core resources are left unaltered on a given host. gogmagog is composed of highly configurable Bourne shell scripts that collect and analyze systems information, scanning for ANY irregularities or discrepancies. Designed with all major flavors of UNIX in mind. This version has a GogView GUI that makes it much easier to monitor multiple hosts.
| | Author: | C. Parisel. | | File Size: | 12342 | | Last Modified: | Aug 16 20:02:33 1999 |
| MD5 Checksum: | 928bfc3edd38b1e18d4863a7e36d8cbe |
|
| /// File Name: |
gogmagog-3.tar.gz |
Description:
|
GogMagog is a multiplatform sysadmin tool for monitoring the integrity of network-wide systems. Communication between the Magog server (ideally a PC running Linux) and the Gog hosts relies on FTP only, so it is pretty network architecture independent. Sysadmins monitor their machines at a glance, through a very simple WWW graphical interface on the server.
| | Author: | C.Parisel. | | File Size: | 13936 | | Last Modified: | Aug 16 20:02:42 1999 |
| MD5 Checksum: | 8ef23b61a15ccdbe831cb688278deedd |
|
| /// File Name: |
gogmagog-4.tar.gz |
Description:
|
gogmagog 4 - GogMagog is a multiplatform sysadmin tool for monitoring the integrity of network-wide systems. Communication between the Magog server (ideally a PC running Linux) and the Gog hosts relies on FTP only, so it is relatively network architecture independent. Sysadmins monitor their machines at a glance, through a very simple WWW graphical interface (named GogView) on the server. GogMagog works on Linux, AIX, HP-UX and Solaris.
| | Author: | C. Parisel. | | Changes: | encrypted profiles, security improvements. | | File Size: | 31625 | | Last Modified: | Aug 16 20:02:47 1999 |
| MD5 Checksum: | 973b264138f4cc0f732242cd96f7d54c |
|
| /// File Name: |
grundschober_1998.letter.ps.gz |
Description:
|
Sniffer Detector Report, Diploma Thesis, June 1998.
| | Author: | Stephane Grundschober. | | File Size: | 242029 | | Last Modified: | Aug 16 20:02:39 1999 |
| MD5 Checksum: | 5ac207af8e5c5de735b4ae595fbbc7ca |
|
| /// File Name: |
guard26.tar.gz |
Description:
|
This Linux tool is more an early warning system than an IDS. It scans system logs for signs of intrusion in real time, produces colored output on the tty, and sends alerts and regular reports. An excellent database of suspicious logfile strings is included.
| | Homepage: | http://www.penguin.cz/%7Eondrej/guard/ | | File Size: | 16161 | | Last Modified: | Dec 11 02:45:26 1999 |
| MD5 Checksum: | ffafa344ed46803c723b3aecc1ed66f3 |
|
| /// File Name: |
hlbr-0.2.tar.gz |
Description:
|
HLBR is an IPS (Intrusion Prevention System) that works directly at layer 2 of the OSI model, staying invisible from layer 3.
| | Author: | Joao Eriberto Mota Filho, Andre Bertelli Araujo | | Homepage: | http://hlbr.sourceforge.net | | File Size: | 194744 | | Last Modified: | Feb 14 00:05:18 2006 |
| MD5 Checksum: | 5f48b9d7ef29b33c5ee95e843dfc15b0 |
|
| /// File Name: |
hlbr-1.0.tar.gz |
Description:
|
HLBR is an IPS (Intrusion Prevention System) that works directly at layer 2 of the OSI model, staying invisible from layer 3.
| | Author: | Joao Eriberto Mota Filho, Andre Bertelli Araujo | | Homepage: | http://hlbr.sourceforge.net | | Changes: | Version 1.0 now can detect malicious traffic using regular expressions. | | File Size: | 193460 | | Last Modified: | Mar 8 00:33:49 2006 |
| MD5 Checksum: | b0739e53c26fa5bb40e34764bd102b46 |
|
| /// File Name: |
honeyclient-1.0.2.tar.gz |
Description:
|
A 'honeypot' is designed to detect server-side attacks. In contrast, a 'honeyclient' is designed to detect client-side attacks. Specifically, a honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner (by compromising the client). Honeyclients can proactively detect exploits against client applications without known signatures. This framework uses a client-server model with SOAP messaging as the primary communication method, and uses the free version of VMware Server as a means of virtualizing the client environment.
| | Author: | MITRE Honeyclient Project | | Homepage: | http://www.honeyclient.org/trac | | File Size: | 22264167 | | Last Modified: | Mar 12 17:52:30 2008 |
| MD5 Checksum: | 4bda6d726ea764bca41ebe69e5df0b14 |
|
| /// File Name: |
honeyd-0.3.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Included UDP support (including proxying), and many bugfixes. | | File Size: | 135998 | | Last Modified: | Jul 31 03:08:32 2002 |
| MD5 Checksum: | 027c507bb165bea70403309e4445c601 |
|
| /// File Name: |
honeyd-0.5.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Bug fixes and improvements. | | File Size: | 272149 | | Last Modified: | Apr 15 04:29:12 2003 |
| MD5 Checksum: | 3aec5101f44ef21b29c213496d92c1c1 |
|
| /// File Name: |
honeyd-0.6.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | This release includes faster routing lookups, asymmetric routing, GRE tunneling, plugins and configuration systems, integration of physical machines into the virtual routing topology for network simulation, performance improvements, and several bugfixes. | | File Size: | 365913 | | Last Modified: | Jun 24 02:10:02 2003 |
| MD5 Checksum: | 20cc97bee4188ccad9831292bbdb885c |
|
| /// File Name: |
honeyd-0.7.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Includes a whole bunch of new features, including dynamic templates that allow the honeypots to adapt based on the operating system and source IP addresses of the adversary, passive fingerprinting that allows the identification of the remote host, a tarpit to slow down spammers, and many bugfixes. | | File Size: | 416592 | | Last Modified: | Nov 24 15:22:34 2003 |
| MD5 Checksum: | d05e112d513d0a1ce7b39cded9b0aba5 |
|
| /// File Name: |
honeyd-0.7a.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Bug fixes. | | File Size: | 416763 | | Last Modified: | Jan 4 06:14:19 2004 |
| MD5 Checksum: | 04ae109952d274aba4c0ab398e213ef2 |
|
| /// File Name: |
honeyd-0.8b.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Several bugs that would cause operating system detection with nmap to fail were fixed along with compilation issues for honeydctl on Linux and *BSD. Support for log rotation via SIGUSR1 was added. | | File Size: | 523808 | | Last Modified: | Apr 20 15:25:23 2004 |
| MD5 Checksum: | 4f287d8d1abe22f96fe74f1318186617 |
|
| /// File Name: |
honeyd-1.5.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.honeyd.org | | Changes: | The new release contains a bunch of new features: - Honeyd stats collector - Improved Subsystem support - Examples of real subsystems - fixed security issue allowing remote identification. | | File Size: | 893208 | | Last Modified: | Feb 16 17:59:03 2006 |
| MD5 Checksum: | cf328a2443f1f4233c6117fbf0a72de3 |
|
| /// File Name: |
hostsentry-0.02.tar.gz |
Description:
|
HostSentry v0.02 is a host-based intrusion detection tool that performs Login Anomaly Detection (LAD), and is the most recent addition to the Abacus Project suite of security tools. This tool allows administrators to spot strange login behavior and quickly respond to compromised accounts and unusual behavior. HostSentry incorporates a dynamic database and actually "learns" the user login behavior. This behavior is then utilized by modular signatures to detect unusual events. Specifically, HostSentry monitors system login accounting records in real-time (wtmp/utmp). These records are used to build a dynamic database of active users and run a series of signature modules during the login and logout phases. The signature modules are pluggable and easily activated or deactivated by the admin. An example wrapper is included to allow administrators to add new signatures. The current list of signatures includes:
- moduleLoginLogout - Generic audit trail of all user login and logouts.
- moduleFirstLogin - Alerts administrators if this user is logging in for the first time.
- moduleForeignDomain - A login was detected from a domain not listed in the allowed domains file.
- moduleRhostCheck - A user's .rhosts file contains a wildcard or other dangerous modification.
- moduleHistoryTruncated - A user's .history file is missing, truncated to zero bytes, or symlinked (i.e. /dev/null).
- moduleOddDirnames - A user's directory contains suspicious directory names on logout (" ..", "...", etc.).
- moduleMultipleLogins - A single username has multiple concurrent logins from different domains.
- moduleOddLoginTime - A user is logging in at an odd hour for their usage pattern (not implemented yet).
- moduleInvalidUtmp - A corresponding utmp/wtmp entry for this login cannot be found (entry possibly removed) (not implemented yet).
- moduleHistorySuspicious - The user's history file contains suspicious commands (not implemented yet).
- moduleNetworkDaemon - The user logged out but left a listening network socket operating (private web server, IRC bot, etc.) (not implemented yet).
- moduleFileExists - A file was found in the user's directory that is listed in the banned/monitored list of the site (not implemented yet).
First release.
| | Author: | Craig H. Rowland. | | File Size: | 33983 | | Last Modified: | Aug 16 20:02:40 1999 |
| MD5 Checksum: | 3de0bbb7d456bb53683de56dfdf98362 |
|
| /// File Name: |
hum-A-0.2.1.tar.gz |
Description:
|
HummingBird is a distributed component for any Intrusion Detection System. Features: Share security information with any Internet host, Powerful searchable database of security relevant data, Easy to use data visualization, Detects light but network-wide attacks, Keeps historical data of system status, Hosts can be organized in a hierarchy for better management and information flow, Java interface for alert messages.
| | Author: | HummingBird Project. | | File Size: | 1272895 | | Last Modified: | Aug 16 20:02:30 1999 |
| MD5 Checksum: | 832b9e63563cb0688313e10812d66ba5 |
|
| /// File Name: |
hum-A-101898.tar.gz |
Description:
|
See above.
| | File Size: | 1658435 | | Last Modified: | Aug 16 20:02:31 1999 |
| MD5 Checksum: | 2f1090e6c66b0c4ca32eab75e11f32bf |
|