Strace is a system call tracer, a debugging tool which prints out a trace of all the system calls made by another process/program. The program to be traced need not be recompiled for this, so you can use it on binaries for which you don't have source. System calls and signals are events that happen at the user/kernel interface. A close examination of this boundary is very useful for bug isolation, sanity checking and attempting to capture race and buffer overflow conditions.
fc1d8db15978017f2c1ecc660e0b61728382630cd7fefad1402fc97b9f16e142
ffingerd is a small and secure finger daemon for Unix. It is meant to be run from inetd, designed for security, so that admins don't have to kill the finger service. It has support for autoconf and PGP/GPG.
ab28a528861bd25c1ee49ffec8ff01bce6eedf0f5629c85acbaaef69651aca34
ipac is an IP accounting package for Linux. It collects, summarizes, and nicely displays IP accounting data. The output of ipac can be a simple ascii table, an ascii graph or even PNG images with graphs showing traffic progression. ipac can be used for IP traffic analysis and for accounting purposes.
3b957f78abfc1adb65ea51143ace53b9ccafa9e2aff54579e08bb47edd4709f2
Fwctl is a program that intends to make it easier to configure a tight firewall. It provides a configuration syntax that is easier to use and more expressive than the low-level primitives offered by ipchains. It supports multiple interfaces, masquerading and packet accounting. Fwctl doesn't replace a good security engineer, but it can make the job of the security engineer simpler.
e2247a64bee3458be58c38859136219bafdf100c625f0c55555b717805dd963c
Shellgen.c, a shellcode generator by Mixter, has an exploitable buffer overflow. Advisory and exploit included.
f9af914ed4f6d7e9ae83c7c95a95cf1681836c618aaf93983b1bcb0864e4261f
SpyNet v3.12 is a sniffer for Win 95/98/NT/2000 which can recompose the original TCP sessions from the composing packets. Reconstructs telnet sessions, e-mail messages, POP3 logins, etc. Also has the ability to fake cookies it sniffs.
4e839aef6571493695a4d13196b54c2ed145a2a7b1ae96f74b32780b36036111
PHP Chains is a PHP3 interface to ipchains. It works with Apache/PHP3 and any version of the 2.2 kernel series and maybe even the 2.3 kernels. Input, output, and firewall chains can be added or deleted along with network objects. Once the script is generated, the chains can be installed immediately off the Web site. The sudo-1.6.1 package is included in the distribution file.
76ce37e3e1618eeca117484aec23ca63adfdfc9f142094040aecc3f62e1a86c0
ftpd-BSD is a Linux port of OpenBSD's ftp server (note that there are other such ports). It is thought to be more secure than wu-ftpd and proftpd. This port adds PAM support, and support for on-the-fly decompression of gzipped files.
233f5985b5f036d899231162952de8069aed662153ccd69d9f1bfa27eb5d83a2
The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off online and you can hide sensitive processes and prevent anyone from using ptrace on your system. LIDS can also provide raw device and I/O access protection.
2db935ecfc3b8307087f997a6d2884440cfca720ba81a921cfa12568feb53a78
Perro (The Internet Protocols logger) is a set of three daemons that log incoming IP/TCP, IP/UDP and IP/ICMP packets. It also produces detailed log files.
045b98e02917aaaaef1f8f1e49941e45f5c9970a8a9624619d68b586127d51a0
SuSE Security Announcement - A security hole was found in lprold which was distributed with all SuSE versions including 6.3. There are local and remote vulnerabilities.
e738169bb2cdb3573f768840d7317d4a7f648780d7155ba0e73a45c7e5943212
Secure FTP (sftp) implements a file transfer protocol using ssh/rsh as the transport mechanism. When the client is invoked, a remote shell is spawned and the server is run. sftp is mainly useful over a secure ssh session since passwords are not exposed. It also has the advantage that no root access is required, since the server runs as a user process.
3009d447261678234580ffc981a83c18a6b4cbebd427d83e59e6a05343bf3364
Sendmail-TLS is a wrapper for Sendmail which allows clients to make a secure (SSL) connection to their mailserver as described in RFC 2487. The connection is internally forwarded to sendmail and does not require sendmail to be running on port 25. Clients which currently support this are Netscape Messenger, Microsoft Outlook, and Microsoft Outlook Express.
2a10a30ecef2a314d2a15e94af90b86be8b60f222a2361a8737090b8db73b91a
in.pop3d backdoor - Still functions as in.pop3d, but gives a shell with the proper password.
10dce7f841ee0b2ee76fb62470c2df3a484a462c99e837ac6c404d6590b28356
Exploit for the new NT remote DoS and possible compromise. NT 4.0 server and workstation are vulnerable, even with SP level 1, 3, 5, or 6.
2b98566441d44ba149fafd2b74a9bf4293af462f1fe5b8657c87530b1278ec22
Apocolypso 1.3 is a new crypto tool from HNC. It supports a wide variety of encryption methods, including DES, Blowfish, IDEA, Gost, Misty 1, Twofish, Cast 256, Rijndael, HNC Single Encryption, and HNC Multi Encryption. Apocolypso runs on Win95, 98, and NT.
c96eae5e6af8900f72fd7eb9d27545024edbdb785d9ab1c373dc5a2fb69ab1a8
dsniff is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a simple password sniffer which handles many protocols. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time.
7b757d3d67ea684c61afe0f432de550f86a550a5802b5bfe37f1b4d779d76c3a
Intrusion Detection Evasion System is a daemon that monitors connections, and forges additional packets to hide from and disturb network monitoring processes of IDS and sniffers. It does this by inserting rst/fin and ack packets with bogus payloads and invalid sequence numbers that only affect network monitors. It also sends a custom amount of SYN requests from arbitrary sources on every real connection attempt it sees, which can for example be used to simulate coordinated scans.
70928c72e9594e3b31e86cabaaf959e292ac9e456f7add9f9d4fb015debc78bc