Btk is a little Python extension module allowing one to create and play with raw sockets and TCP/UDP/ICMP packets from within Python.
decaec6232a915f53abf02a4f0b4640a48f4b16a8776802c6985da925ffaa4c4
Port Scan Attack Detector (psad) is a Perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (SYN, FIN, Xmas) which are easily leveraged against a machine via nmap.
4f24865b58a950757f31ad67a84f2ba3e74358d411ac6ade255ca2b8dbf97e40
Flawfinder searches through source code for potential security flaws and lists them sorted by risk, with the most potentially dangerous flaws shown first. The risk level depends not only on the function called, but on the values of the parameters passed to it.
af2a2072a15847c8460565babe13b2a8d6b095b9daaedade52ba28abf8ec86f6
fwmon is a firewall monitor for Linux which integrates with ipchains to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary, hex, and ASCII data dumps to stdout, a logfile, or tcpdump-style capture files. It also boasts some simple security features such as the ability to chroot itself, and it does not need to run as root.
eba87138d1120e49a4460896f06ae1fa50da180902872dde33f33a56141f5fdc
Fingerprinting Port 80 Attacks - This paper looks at some of the signatures that are used in web server attacks and what to look for in your logs.
418fdba08b5342ce96f2eb897abfc3f48546f0a39066b51571a722980b2c603f
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
26a737a43a7486f9aed74043808e07b57d7dc15a1afbf6b49577eb73f0befd66
The Linux Port/Socket Pseudo ACLs project is a patch to the Linux kernel which allows the admin to delegate privileges for some protected network resources to non-root users. The ACLs are generally used to run untrusted or insecure applications as an unprivileged process, thereby lessening the impact of some undiscovered denial of service or root compromise. The ACLs can cover protected ports, raw sockets, and packet sockets.
74f541ebcfbcbfb32968d1b03e66685c04d902f786a780492eb07f47cdd69604
Stunnel is a program, available on both Unix and Windows, that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer). Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. Windows binaries are also available.
376a383c5fad43306cef871664c81a31a86007458d75750c0053d4e77332c020
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. It includes real-time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
c305a83d444273f36fe616be53e47889e553f1076437495c3cb20aa4dea2051c
Steghide is a steganography program which hides bits of a data file in some of the least significant bits of another file in such a way that the existence of the data file is not visible and cannot be proven. Steghide is designed to be portable and configurable and features hiding data in BMP, WAV and AU files, blowfish encryption, MD5 hashing of passphrases to blowfish keys, and pseudo-random distribution of hidden bits in the container data.
7023049ea27d26db23073fd0c280a93cc283531e40fc3edf84638e441e68e288
IPV6 Flooder.
840f1e7f1a6630975736391461079a35d92a25fde20d2c2df2d20980cfe278b1
Tux web server remote DoS attack. Sends a large Host parameter inside the GET request. Tested against RedHat 7.2.
029a738f9b68551f68b054c1d398abfbab7c1c19c344eabb37256f52d1ec0928
FreeBSD rootkit. Patches ls, du, find, locate, ps, top, strings, ifconfig, netstat, login, and ftpd. Includes backdoor sysback and sniffer zxsniff.
846d1a294f28721aa038c839384a72e8fc9b706324f5426a23df837e297075f2
IIS 5.0 remote win32 exploit for the null.printer buffer overflow.
ce2073743bd10136edc549bb174a68f191651fd565885d653fb6d128c2ecc388
The Firewall Tester consists of two simple Perl scripts, the client part (ftest.pl) and the listening "daemon" (ftestd.pl). The client injects custom marked packets, while the daemon listens for them. Comparing the two scripts' log files permits the detection of filtered packets, and consequently of the filtering rules, if the two scripts are run on different sides of a firewall.
19387661c89041849369c4ecd4045d750ecfdf4e449cd3b7f4df259233febdf6