Section: .. / linux / security /
| /// File Name: |
snoopy-1.3.tar.gz |
Description:
|
Snoopy is designed to log all commands executed by providing a transparent wrapper around calls to execve() via LD_PRELOAD. Logging is done via syslogd and written to authpriv, allowing secure offsite logging of activity.
| | Author: | Mike Baker | | Changes: | Integrity checking, a new method of logging, and faster logging. | | File Size: | 10686 | | Last Modified: | Dec 21 00:21:59 2000 |
| MD5 Checksum: | 2a74982e2830a16159a7a6754476c6ee |
|
| /// File Name: |
snoopy-1.2.tar.gz |
Description:
|
Snoopy is designed to log all commands executed by providing a transparent wrapper around calls to execve() via LD_PRELOAD. Logging is done via syslogd and written to authpriv, allowing secure offsite logging of activity.
| | Author: | Mike Baker | | Changes: | A fix for a very menacing bug. | | File Size: | 10126 | | Last Modified: | Oct 15 18:54:20 2000 |
| MD5 Checksum: | 4013da8d2d80503ce7c9c4923adacbe9 |
|
| /// File Name: |
dspspy1.1.2.tar.gz |
Description:
|
dspspy is a sound recording utility for spying. dspspy waits until a sound is detected (input via /dev/dsp) and then it records it to a unique file. dspspy records sounds from the microphone to raw sound files. This can be used as a surveillance system.
| | Author: | Richard Svensson | | Homepage: | http://www.geocities.com/dvoid_2000/projects.html | | Changes: | A new utility has been added for calibrating the mic threshold. | | File Size: | 9834 | | Last Modified: | Jun 8 20:10:00 2000 |
| MD5 Checksum: | 53d034f6f16fad41a7c42821677c2001 |
|
| /// File Name: |
StMichael_LKM-0.03.tar.gz |
Description:
|
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is an experimental version, and a spin-off from the Saint Jude Project.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Added md5 checksums to the contents of system calls, added cloaking to hide the presence of StMichael and its symbols. Since StMichael causes the rootkits to not work as expected, we do not want to give away any useful debugging information. | | File Size: | 9494 | | Last Modified: | Jun 5 18:53:13 2001 |
| MD5 Checksum: | 5b4c791c22c5fa58c904835a96f0389e |
|
| /// File Name: |
linuxrouting.txt |
Description:
|
The Linux networking code makes extensive use of hash tables to implement caches to support packet classification. One of these caches, the routing cache, can be used to mount effective denial of service attacks, using an algorithmic complexity attack.
| | Author: | Florian Weimer | | File Size: | 9431 | | Last Modified: | May 23 03:36:34 2003 |
| MD5 Checksum: | e6ff4115b0dde95e8f9bdd3a6c365337 |
|
| /// File Name: |
acm-1.02.tar.gz |
Description:
|
The Administrators Control Module (ACM) for kernel 2.2.x patches system calls like execve(), setuid(), open(), ipc(), setgid(), setreuid(), and setregid() for better security logging.
| | Author: | Xfer | | File Size: | 8892 | | Last Modified: | Feb 22 17:31:37 2000 |
| MD5 Checksum: | 3861e8b18bf7aa439b67e0f504bb9b1f |
|
| /// File Name: |
pam_watch-0.2.tar.gz |
Description:
|
Pam_watch is a pam module that installs two fifos for each console and allows you to take control by using them. One fifo can be used to read from STDOUT of the user console and the other to write to the STDIN of it. A simple client utility that uses these features is included.
| | Homepage: | http://frida.fri.utc.sk/~behan/devel/pam_watch/ | | File Size: | 8747 | | Last Modified: | Oct 15 20:19:20 2000 |
| MD5 Checksum: | c547f515652e1c2a3e6bfd47b53ae491 |
|
| /// File Name: |
ippersonality-20020427-2.4.18.tar.g..> |
Description:
|
The IP Personality project is a patch to Linux 2.4 kernels that adds netfilter features: it enables the emulation of other OSes at network level, thus fooling remote OS detection tools such as nmap that rely on network fingerprinting. The characteristics that can be changed are TCP Initial Sequence Number (ISN), TCP initial window size, TCP options (their types, values and order in the packet), IP ID numbers, answers to some pathological TCP packets, and answers to some UDP packets.
| | Author: | Gael Roualland and Jean-Marc Saffroy | | Homepage: | http://ippersonality.sourceforge.net | | Changes: | Ported to Linux 2.4.18 / iptables 1.2.2. | | File Size: | 8742 | | Last Modified: | May 27 04:41:39 2002 |
| MD5 Checksum: | 881fec3573f5810dc722bb1fd96fc970 |
|
| /// File Name: |
klgr.tgz |
Description:
|
klgr is a basic keylogger for Linux that loads as a module, but will hide from lsmod.
| | Author: | LynX | | Homepage: | http://rootteam.void.ru | | File Size: | 8597 | | Last Modified: | Apr 27 19:06:55 2003 |
| MD5 Checksum: | 0b56b0ecae612a6c4e8e8118112ff3c0 |
|
| /// File Name: |
listener-0.6.tgz |
Description:
|
This program listens for sound. If it detects any, it starts recording automatically and also automatically stops when things become silent again.
| | Author: | Folkert van Heusden | | Homepage: | http://www.vanheusden.com/listener/ | | Changes: | One can now configure several parameters via the commandline. | | File Size: | 8402 | | Last Modified: | Dec 11 15:25:14 2004 |
| MD5 Checksum: | 6c71df6f7b32eeec9a4db487179e539d |
|
| /// File Name: |
linux-2.2.14-stealth4.diff |
Description:
|
Patch for linux kernel 2.2.14 to discard packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | Changes: | Version 4 is handled by sysctl. Note that the kernel config options are now under networking. | | File Size: | 7807 | | Last Modified: | Feb 11 15:40:37 2000 |
| MD5 Checksum: | d52ea3b06390d3000b096d46b10ef99c |
|
| /// File Name: |
stealth-2.2.17.diff |
Description:
|
Stealth IP Stack is a kernel patch for Linux 2.2.17 which makes your machine almost invisible on the network without impeding normal network operation. Many denial of service attacks, such as stream, are much less effective with this patch installed, and port scanners slow to a crawl. It works by restricting TCP RST packets (no "Connection Refused"), restricting ICMP_UNREACH on UDP (prevents UDP portscans), and restricting all ICMP and IGMP requests. A sysctl interface is used so these features can be turned on and off on the fly.
| | Author: | Robert Salizar | | Homepage: | http://www.energymech.net/madcamel/fm | | File Size: | 7725 | | Last Modified: | Sep 18 16:14:40 2000 |
| MD5 Checksum: | 0372ec661f9d9bcf82f9185203c75632 |
|
| /// File Name: |
dspspy1.1.0.tar.gz |
Description:
|
dspspy is a sound recording utility for spying. dspspy waits until a sound is detected (input via /dev/dsp) and then it records it to a unique file. dspspy records sounds from the microphone to raw sound files. This can be used as a surveillance system.
| | Author: | Richard Svensson | | Homepage: | http://www.geocities.com/dvoid_2000/projects.html | | File Size: | 7294 | | Last Modified: | Jun 6 18:14:50 2000 |
| MD5 Checksum: | f901ccc68748042bc4bf6d7d20f91f74 |
|
| /// File Name: |
kfencev1.2.c |
Description:
|
Kfence version 1.2 provides kernel protection against basic exploitation techniques, including stack and heap overflows and format string exploits, by patching /dev/kmem and redirecting system_call to test if the eip of the caller is in the wrong memory region.
| | Author: | ins1der | | Changes: | Added .bss exec protection, simplified shellcode, added a better struct extraction method, added support for all 2.2.x and 2.4.x kernels. | | File Size: | 7275 | | Last Modified: | Aug 25 23:27:17 2003 |
| MD5 Checksum: | 9aa3ccf1a93852710026277cd614db63 |
|
| /// File Name: |
exitwound.tgz |
Description:
|
exitwound is a ptrace shared library redirection backdoor that is based on the technique described in Phrack 59-8. It attempts to redirect certain string handling routines commonly used in Internet services to trapdoored functions which yield a connect back shell on a specifically constructed passphrase. The benefits of this lie in the fact that no extra malicious processes or listening ports are needed, avoiding crude forms of forensic analysis.
| | Author: | salvia twist | | Homepage: | http://hack.batcave.net/ | | File Size: | 7219 | | Last Modified: | Aug 10 17:52:36 2003 |
| MD5 Checksum: | bd2c6717a90b9ab4bff89fab73ea1368 |
|
| /// File Name: |
stealth-2.2.18.diff |
Description:
|
Stealth IP Stack is a kernel patch for Linux 2.2.18 which makes your machine almost invisible on the network without impeding normal network operation. Many denial of service attacks, such as stream, are much less effective with this patch installed, and port scanners slow to a crawl. It works by restricting TCP RST packets (no "Connection Refused"), restricting ICMP_UNREACH on UDP (prevents UDP portscans), and restricting all ICMP and IGMP requests. A sysctl interface is used so these features can be turned on and off on the fly.
| | Author: | Robert Salizar | | Homepage: | http://www.energymech.net/madcamel/fm | | Changes: | Ported to Linux 2.2.18. | | File Size: | 7043 | | Last Modified: | Dec 13 00:02:12 2000 |
| MD5 Checksum: | 50a37ed3eb2e15a3dcdd2d76310cada7 |
|
| /// File Name: |
linux.klog.txt |
Description:
|
Patch for the linux kernel which may help you inexpensively deploy some packet loggers at key network ingress/egress points. Turns any Linux system into an ethernet logger that records mac address, ip address, ports and protocols with a timestamp in the system log. It can be activated and deactivated at the system console with two keystrokes.
| | Author: | DR | | Homepage: | http://www.dursec.com | | File Size: | 7004 | | Last Modified: | Feb 16 17:09:35 2000 |
| MD5 Checksum: | 5706b01372144f324ac0df893d064642 |
|
| /// File Name: |
elfdoctor.c |
Description:
|
Scanner to look up infection techniques that can be used in ELF modules. Includes function hijacking, relocation files, etc. Runs on linux 2.4.X.
| | Author: | Pluf | | File Size: | 6983 | | Last Modified: | Sep 6 17:59:26 2003 |
| MD5 Checksum: | db05d4c0327d757747a9d31ff7f6a0ac |
|
| /// File Name: |
listener-0.4.tgz |
Description:
|
This program listens for sound. If it detects any, it starts recording automatically and also automatically stops when things become silent again.
| | Author: | Folkert van Heusden | | Homepage: | http://www.vanheusden.com/listener/ | | Changes: | If the sound ends, one can now let an external script/program be executed. Samples can now be compressed with several compression schemes. | | File Size: | 6891 | | Last Modified: | Mar 11 21:08:10 2004 |
| MD5 Checksum: | b6f09c40a575856e20612aa3e191ced9 |
|
| /// File Name: |
lkh-1.1-linux-2.4.18.tgz |
Description:
|
Linux Kernel Hooker library (LKH) version 1.1 (the subject of an article in Phrack #58) provides a general purpose hooking interface with easy to use C primitives. It allows you to hijack a kernel function, add up to 8 callbacks for the function, access the original parameters and modify them (retroactive changes), add or remove a callback when you want, and more. Available for kernel versions 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.10, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, and 2.4.18.
| | Author: | mayhem | | Homepage: | http://devhell.org/~mayhem/projects/lkh/ | | File Size: | 6728 | | Last Modified: | May 17 04:16:04 2002 |
| MD5 Checksum: | 02ce7ef2dbf416b81e013b60417c02e0 |
|
| /// File Name: |
lsm.tar.gz |
Description:
|
LSM (Loadable Security Module) is a simple but effective intrusion prevention loadable kernel module. Currently it protects extended file attributes on ext2 from being modified by the super user and the module from being removed and other modules from being loaded. This basic protection also prevents access to raw devices, so debugfs can not be used on a disk partition nor can a change to the boot process occur. Loading this module prevents lilo configuration.
| | Author: | Paul | | File Size: | 6526 | | Last Modified: | May 2 22:56:38 2001 |
| MD5 Checksum: | 9e72f64953cdc92114114db0cd1b0607 |
|
| /// File Name: |
envcheck.tgz |
Description:
|
Klogd Local Exploit. Envcheck is a Linux kernel module which detects and prevents exploitation of the recent glibc vulnerabilities by intercepting the execve system call and sanitising the environment passed. At the cost of a very small performance penalty, it has advantages over a glibc upgrade, including logging of exploit attempts, it works with statically linked binaries, it is transparent to applications that may be sensitive to a change of glibc, and it partially protects libc5.
| | Author: | Lionel Cons | | Homepage: | http://c.home.cern.ch/c/cons/www/security/ | | File Size: | 6481 | | Last Modified: | Sep 13 16:40:21 2000 |
| MD5 Checksum: | f094b9437a462e5c8b6ef4b047751b0e |
|
| /// File Name: |
fpf.tar.gz |
Description:
|
FPF is an LKM for Linux which changes the TCP/IP stack in order to emulate another OS's TCP fingerprint. The package contains the LKM and a parser for the nmap file that lets you choose directly the OS you want.
| | Author: | Fusys, Cyrax | | Homepage: | http://www.pkcrew.org | | File Size: | 6456 | | Last Modified: | Dec 2 21:10:23 2000 |
| MD5 Checksum: | 96e0d902d790672c9e645fca88cc09e7 |
|
| /// File Name: |
Sysctl.sh |
Description:
|
Uses the sysctl support in Linux to enhance a system's security against outside attacks. Includes a script to optimize these settings by echoing values to /proc/sys/net/ipv4/*, turning on kernel security features which lessen the effect of SYN floods and smurf attacks, and turning on source validation by reversed path to add more protection against spoofed packets. Tested on Linux 2.2.x.
| | Author: | Spender | | File Size: | 6357 | | Last Modified: | Jun 19 01:21:13 2000 |
| MD5 Checksum: | 489208bede266aac78116d80abaf9d01 |
|
| /// File Name: |
listener-0.3.tgz |
Description:
|
This program listens for sound. If it detects any, it starts recording automatically and also automatically stops when things become silent again.
| | Author: | Folkert van Heusden | | Homepage: | http://www.vanheusden.com/listener/ | | File Size: | 6245 | | Last Modified: | Mar 1 14:41:00 2004 |
| MD5 Checksum: | 6200058e488ecc083b8d3fe7b9ae873a |
|