IDS/A is an API which programmers can use to add security awareness to their applications. This is implemented via an integrated reference monitor, logger and IDS which is accessible to applications through a simple API. Applications can use this infrastructure to delegate access control and intruder detection to idsa.
c9e3fa1f786665ed1060f7b1217d60947083c5f7d6d9a2db316c7687993c1023IP Restrictions Scanner (IRS) is a Windows NT/2k tool which finds out which network restrictions have been set for a particular service on a host. It combines "ARP Poisoning" and "Half-Scan" techniques and tries totally spoofed TCP connections to the selected port of the target.
515c2f37c0bc9474bbd4ec5b26a029b5e1c2d7d60efb0944624995fe0b1b31efExploiting Format String Vulnerabilities v1.2 - Includes over 30 pages of well organized information along with several examples.
4ec81ccf82417d72ae0551b3d1085e97a9b9867f7c180e6ba8dd7c5b18eb6b66IOB stands for I/O bridge, a simple tty chaining program. It can be used to log almost any session, including ssh, gpg, pgp, cfsattach, losetup, etc.
29c258374e9799d3f17c6e1042df216aa63e48c532e3dc875a467a0d72b893c3FreeBSD Security Advisory FreeBSD-SA-01:62.uucp - Taylor UUCP is incorrectly configured by default, allowing local users to run commands as the uucp user and dialer group, allowing local root access.
797e95c03a16117c03ba2eaab3ffdcd1c0a46ef1136c97236d76b2631c524cefFreeBSD Security Advisory FreeBSD-SA-01:61 - If the squid proxy port is configured in acceleration-only mode, ACL's are ignored, allowing a remote attacker to use the squid server in order to issue requests to hosts that are otherwise inaccessible. Because the squid server processes these requests as HTTP requests, the attacker cannot send or retrieve arbitrary data. However, the attacker could use squid's response to determine if a particular port is open on a victim host. Therefore, the squid server may be used to conduct a port scan.
d7afc519a56bcddfcb9d5838ba965cce7299010dcb9428d5dd7ea0cf54a41246The Sentinel project is designed to be a portable, accurate, and effective implementation of all publicly known promiscuous detection techniques. Sentinel currently supports 3 methods of remote promiscuous detection: The DNS test, icmp etherping test, and ARP test. Tested on OpenBSD-3.0beta, FreeBSD 4.0, Netbsd 1.5.2, and Linux 2.4.x.
ba808bc62d2d43d00e7abd9c078c366ef0e6f689e632ec39c75f19a573034883Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
d68c074164985155f1cfd504a7a9a8614519f1212f938164f858d172cfdcd304fwmon is a firewall monitor for Linux which integrates with ipchains to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary, hex, and ascii data dumps to stdout, a logfile, or tcpdump-style capture files. It also boasts some simple security features such as the ability to chroot itself, and does not need to run as root.
ddbd7510713a7ada09bfe92de6fcefa570c3b2689b3ecadaf5a7a2b7d12d7920Reptor is a utility designed to aid the analysis of Axent/Raptor firewall logfiles which generates HTML reports which can include traffic summaries and alert messages that are based on highly customizable conditions. It has built in support for logfile retrieval, FTP, and SMTP allow it to be easily automated.
7d32950aea0797521b45cb694670536c53c026a5daeebe2f07f2a35df68c33e1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed