| /// File Name: |
prelude-manager-0.9.1.tar.gz |
Description:
|
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
| | Homepage: | http://prelude.sourceforge.net | | Changes: | Added ability to listen on multiple IP addresses. Some bug fixes and code cleanup. | | File Size: | 550672 | | Last Modified: | Nov 20 13:29:30 2005 |
| MD5 Checksum: | 059f4df26f1656941df553347a7fcd7d |
|
| /// File Name: |
prelude-manager-0.9.0.tar.gz |
Description:
|
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
| | Homepage: | http://prelude.sourceforge.net | | Changes: | Improved error reporting, Fixed failover on relaying, Fixed warnings. | | File Size: | 547077 | | Last Modified: | Sep 22 03:19:13 2005 |
| MD5 Checksum: | c847bd9ae8fc497cf8f7cd1c4c5f0aa2 |
|
| /// File Name: |
firestorm-0.5.4.tar.gz |
Description:
|
Firestorm is an extremely high performance network intrusion detection system (NIDS). Right now it is just a sensor, but there are plans to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
| | Homepage: | http://www.scaramanga.co.uk/firestorm | | Changes: | Various bug fixes and feature enhancements. | | File Size: | 545830 | | Last Modified: | Sep 12 15:22:00 2003 |
| MD5 Checksum: | 584dc6b86b29956f66fe8a7adf39a41b |
|
| /// File Name: |
honeyd-0.8b.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Several bugs that would cause operating system detection with nmap to fail were fixed along with compilation issues for honeydctl on Linux and *BSD. Support for log rotation via SIGUSR1 was added. | | File Size: | 523808 | | Last Modified: | Apr 20 15:25:23 2004 |
| MD5 Checksum: | 4f287d8d1abe22f96fe74f1318186617 |
|
| /// File Name: |
radmind-1.3.2.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Various bug fixes and some support added. | | File Size: | 516271 | | Last Modified: | Oct 1 12:43:44 2004 |
| MD5 Checksum: | d94620d0808fd85e71112ce4caec798f |
|
| /// File Name: |
radmind-1.3.1.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Various feature enhancements and bug fixes. | | File Size: | 515023 | | Last Modified: | Aug 17 21:35:11 2004 |
| MD5 Checksum: | c1a1c67bb9ec254db3432be2ee6d8dc5 |
|
| /// File Name: |
nepenthes-0.1.7.tar.bz2 |
Description:
|
Nepenthes is a low interaction honeypot like honeyd or mwcollect. Low Interaction Honeypots emulate _known_ vulnerabilities to collect information about potential attacks. Nepenthes is designed to emulate vulnerabilities worms use to spread, and to capture these worms. As there are many possible ways for worms to spread, Nepenthes is modular.
| | Homepage: | http://nepenthes.mwcollect.org/ | | File Size: | 514301 | | Last Modified: | Sep 21 20:20:23 2006 |
| MD5 Checksum: | 7eb9fa1e3f819d5aa3c9ac81a572a724 |
|
| /// File Name: |
radmind-1.3.0.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Various feature enhancements and bug fixes. | | File Size: | 508114 | | Last Modified: | Apr 21 23:17:00 2004 |
| MD5 Checksum: | 46ef7b08d8e5304751db9d2e45e2488c |
|
| /// File Name: |
radmind-1.2.1.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Bug Fixes. | | File Size: | 490897 | | Last Modified: | Oct 30 14:55:30 2003 |
| MD5 Checksum: | 9c78f741a721c42573b9ba91e8cea74e |
|
| /// File Name: |
radmind-1.2.0.tgz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Pipelined lcreate, Added progress output option -v to fsdiff, f_noauth exits so client gets error, Fixed libsnet one off error, Added -R to radmind usage, mkdirs clears errno on success, Updated configure script, Added known issues section to README. | | File Size: | 490868 | | Last Modified: | Oct 17 00:57:54 2003 |
| MD5 Checksum: | ef005804d502f026d8b51dc9ff242f92 |
|
| /// File Name: |
dtk-0.7.tar |
Description:
|
Deception Toolkit v0.7 - Tools and tactics based on deception to counter hacking/cracking attacks. Excellent collection of security-related perl scripts; if you're going to lose sleep worrying about the hackers and crackers, then at least have some fun with them too. DTK Version 0.7 adds improved deceptions for http attacks (port 80) including a nicer .phf form. UDP deception states added to all scripts also.
| | Author: | Fred Cohen and Associates | | File Size: | 481280 | | Last Modified: | Aug 16 20:02:29 1999 |
| MD5 Checksum: | 5bb93082285a759055be9dc25b2aac02 |
|
| /// File Name: |
nwho-0.1.0.tar.gz |
Description:
|
nwho is an integrated rwho with a GUI to help monitor who is logged in and verify that they are who they should be.
| | Author: | James Wilson | | File Size: | 454232 | | Last Modified: | Aug 16 20:02:16 1999 |
| MD5 Checksum: | 2f294f7613c8d4b13cb3f64241e2c5b2 |
|
| /// File Name: |
capture-client-2.1.0-300-src.zip |
Description:
|
Capture is a high interaction client honeypot / honeyclient. A client honeypot / honeyclient is a security technology that allows one to find malicious servers on a network. Capture identifies malicious servers by interacting with potentially malicious servers using a dedicated virtual machine and observing its system state changes. If a system state change is detected, since no other activity occurs on the dedicated client machine, the server Capture interacted with is classified as malicious. This is the source code for the client.
| | Homepage: | https://projects.honeynet.org/capture-hpc | | File Size: | 451900 | | Last Modified: | Apr 29 20:29:01 2008 |
| MD5 Checksum: | 24cb2e5a49f09244576dd9d27c798d92 |
|
| /// File Name: |
widsard-0.1.tar.gz |
Description:
|
wIDSard is a host-based Intrusion Detection System for the i386 Linux platform. It intercepts, at user level, system calls specified in a configuration file written by the user. A finite-state automaton is used to trace the monitored process. The language used for the configuration file is regular expression based. If a particular sequence of system calls is intercepted, then an appropriate action can be executed.
| | Author: | Davide Fais, Stefano Frassi, Filippo Giuntini, Luca Pugliese | | Homepage: | http://widsards.sourceforge.net/ | | File Size: | 443229 | | Last Modified: | Jun 24 01:34:40 2003 |
| MD5 Checksum: | b3b6ea301dec4bcabfdadd169e5077ff |
|
| /// File Name: |
sentinel-1.2.1c.tar.gz |
Description:
|
Sentinel is a fast file integrity checker similar to Tripwire or ViperDB with built in authentication using the RIPEMD 160 bit MAC hashing function. It uses a single database similar to Tripwire, maintains file integrity using the RIPEMD algorithm and also produces secure, signed logfiles. Its main design goal is to detect intruders modifying files. It also prevents intruders with root/superuser permissions from tampering with its log files and database.
| | Homepage: | http://zurk.sourceforge.net/zfile.html | | Changes: | Sentinel-user for individual users has been added. The copyright has been changed to the FSF. This release also contains minor makefile updates. | | File Size: | 443155 | | Last Modified: | Apr 24 21:24:03 2001 |
| MD5 Checksum: | 87a55fcb020303d4d8efe60317948c3a |
|
| /// File Name: |
drawbridge-2.0.1.tar.gz |
Description:
|
Packet filter that allows you to control IP packets going to and from your LAN and the Internet.
| | File Size: | 429364 | | Last Modified: | Aug 16 20:03:15 1999 |
| MD5 Checksum: | 575fa565254832e202340636c7d72b1f |
|
| /// File Name: |
honeyd-0.7a.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Bug fixes. | | File Size: | 416763 | | Last Modified: | Jan 4 06:14:19 2004 |
| MD5 Checksum: | 04ae109952d274aba4c0ab398e213ef2 |
|
| /// File Name: |
honeyd-0.7.tar.gz |
Description:
|
Honeyd is a small daemon that creates virtual honey pot hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Any type of service on the virtual machine can be simulated according to a simple configuration file. Instead of simulating a service, it is also possible to proxy it to another machine.
| | Author: | Niels Provos | | Homepage: | http://www.citi.umich.edu/u/provos/honeyd | | Changes: | Includes a whole bunch of new features, including dynamic templates that allow the honeypots to adapt based on the operating system and source IP addresses of the adversary, passive fingerprinting that allows the identification of the remote host, a tarpit to slow down spammers, and many bugfixes. | | File Size: | 416592 | | Last Modified: | Nov 24 15:22:34 2003 |
| MD5 Checksum: | d05e112d513d0a1ce7b39cded9b0aba5 |
|
| /// File Name: |
prelude-manager-0.8.6.tar.gz |
Description:
|
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
| | Homepage: | http://prelude.sourceforge.net | | Changes: | Fixed a communication problem on Linux kernel 2.2.x due to the non-standards-compliant poll(). | | File Size: | 410240 | | Last Modified: | Sep 24 02:17:31 2002 |
| MD5 Checksum: | 8f40152b9c7bffee6dec2d4ee8539be6 |
|
| /// File Name: |
prelude-manager-0.8.5.tar.gz |
Description:
|
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
| | Homepage: | http://prelude.sourceforge.net | | Changes: | Fixed a heartbeat insertion problem. | | File Size: | 409674 | | Last Modified: | Sep 11 03:23:20 2002 |
| MD5 Checksum: | 42a70404422d50ffa993edca93353681 |
|
| /// File Name: |
emonitor-v-0.6.tar.gz |
Description:
|
emonitor 0.6 is a notification, action-based system for network, system and application monitoring. emonitor includes the following tools: emsrvmsg (Event Monitor Server Message), emsrvcmd (Event Monitor Server Command), emtlog (Event Monitor Transaction Logger), emconsole (Event Monitor Console), emputcmd (Event Monitor Put Command), emputmsg (Event Monitor Put message). The Event Monitor Project
| | File Size: | 409580 | | Last Modified: | Aug 16 20:02:46 1999 |
| MD5 Checksum: | 419b432a7d2d4ccf09d4b5754602378c |
|
| /// File Name: |
prelude-manager-0.8.4.tar.gz |
Description:
|
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis.
| | Homepage: | http://prelude.sourceforge.net | | Changes: | Bugs fixed, and corrects OpenSSL, PgSQL, and MySQL detection. | | File Size: | 409510 | | Last Modified: | Sep 5 17:04:00 2002 |
| MD5 Checksum: | 3021934c7782b155cf240c75519aaf46 |
|
| /// File Name: |
sentinel-1.2.1.tar.gz |
Description:
|
Sentinel is a fast file integrity checker similar to Tripwire or ViperDB with built in authentication using the RIPEMD 160 bit MAC hashing function. It uses a single database similar to Tripwire, maintains file integrity using the RIPEMD algorithm and also produces secure, signed logfiles. Its main design goal is to detect intruders modifying files. It also prevents intruders with root/superuser permissions from tampering with its log files and database.
| | Homepage: | http://zurk.sourceforge.net/zfile.html | | Changes: | A -fullcheck option has been added which allows you to check for files added to the drive even if they are not in the database. The efficiency and speed of the algorithms for checking and database creation have also been improved, allowing it to work at or near a hard disk's max throughput limits. | | File Size: | 407678 | | Last Modified: | Mar 21 17:11:09 2001 |
| MD5 Checksum: | 1dd56b8670f857d7f1299bbe7dd3ced7 |
|
| /// File Name: |
radmind-1.11.0.tar.gz |
Description:
|
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
| | Homepage: | http://rsug.itd.umich.edu/software/radmind | | Changes: | Support added for exclude patterns. The default server port is now the IANA-registered 6222. Various other changes. | | File Size: | 402880 | | Last Modified: | Dec 18 12:54:16 2007 |
| MD5 Checksum: | 851d4560bf5d6a5b2e8cf6b9fb21793a |
|
| /// File Name: |
dtk-0.6.tar |
Description:
|
Deception Toolkit v0.6 - Tools and tactics based on deception to counter hacking/cracking attacks. DTK Version 0.6 adds the 'slowly' pragma to 'orders'. V0.6 also adds logging of accesses by IP address and retrieval of roll-up information from these log files via the deception port in a manner similar to that of InfoCon information. V0.6 also adds time-based passwords (also can be used in a use-based mode if desired) and the utility program tbp.pl. TBP allows remote systems to authenticate themselves automatically over time without reuse of the same old passwords. Too many more features to list in this major release. 400k.
| | Author: | Fred Cohen and Associates | | File Size: | 399360 | | Last Modified: | Aug 16 20:02:27 1999 |
| MD5 Checksum: | ae64a9f31e388ac3410ed79ad3f8a1e4 |
|