File Name: incident-1.7.tar.gz
Description: Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
Homepage: http://www.cse.fau.edu/~valankar
Changes: New AU whois servers added; "changed:" lines from whois are now ignored unless no other contacts are found. A few more whois server error messages are handled properly, and timeouts/retries for whois are now configurable. Some other minor bugfixes were also done.
File Size: 58273
Last Modified: Oct 10 23:48:27 2001
MD5 Checksum: c095dc64bea5d14dff1d209878e5b66e

File Name: snort-rep-1.6.tar.gz
Description: Snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions of whitehats.com.
Homepage: http://people.ee.ethz.ch/~dws/software/snort-rep
Changes: Improved parsing of fast-logs.
File Size: 19181
Last Modified: Sep 5 02:07:37 2001
MD5 Checksum: c346214ce1ed255ec0dc902fb9bb6566

File Name: snort-rep-1.5.tar.gz
Description: Snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions of whitehats.com.
Homepage: http://people.ee.ethz.ch/~dws/software/snort-rep
Changes: Embedded Parse::Syslog module for easier installation. Now uses Text::FormatTable for nice text reports. Added --text-width and --narrow options.
File Size: 19047
Last Modified: Aug 25 02:24:38 2001
MD5 Checksum: 4ad789f8a4d15a388f205c789c527fe7

File Name: snort-1.8.1-RELEASE.tar.gz
Description: Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
Author: Martin Roesch
Homepage: http://www.snort.org
Changes: New stable release! Major bugfixes for the stateful inspector, stream reassembler, IP defragmenter, and tagging subsystems. SNMP and IDMEF XML output. New anti-evasion code is in the http_decode preprocessor! More regex/wildcards are in the rules language. Full changelog available here.
File Size: 1026894
Last Modified: Aug 18 21:03:02 2001
MD5 Checksum: b20a570fd5e724f7b1913b5f4068fc3a

File Name: snort-rep-1.4.tar.gz
Description: Snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions of whitehats.com.
Homepage: http://people.ee.ethz.ch/~dws/software/snort-rep
Changes: The perl module Parse::Syslog is now used. Sorting of HIGH alerts was fixed.
File Size: 15057
Last Modified: Aug 17 19:19:06 2001
MD5 Checksum: 68aed06e77b7cae7e7f9121e79797a52

File Name: incident-1.5.tar.gz
Description: Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
Homepage: http://www.cse.fau.edu/~valankar
Changes: More registrars have been added to the ignore list to avoid sending reports to the wrong people. More WHOIS servers have been added for querying. A '-x' option has been added to only do contact information gathering on a host and dump a list of admin emails to output, and some other minor bugs were corrected.
File Size: 12931
Last Modified: Aug 12 21:29:12 2001
MD5 Checksum: dae08c4cb001ee5be5872329a4a09f62

File Name: hogwash-0.1.d.tgz
Description: Hogwash is designed to take out 95% of the stock attacks all the kiddies throw at your network by dropping packets flagged by Snort. Hogwash is a layer 2 packet scrubber which sits in line, dropping packets based on signature matches. The rule set will be familiar to anyone that has used snort before. Hogwash supports passive host identification and adaptive rule sets for added accuracy.
Author: Jason Larsen
Homepage: http://hogwash.sourceforge.net
Changes: Many bugfixes, unicode decoding, and session tear down.
File Size: 385344
Last Modified: Aug 8 20:33:11 2001
MD5 Checksum: b81c69f54c2b7fa496601870ec2c61bf

File Name: snort-rep-1.3.tar.gz
Description: snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions of whitehats.com.
Homepage: http://people.ee.ethz.ch/~dws/software/snort-rep
Changes: FreeBSD and Linux syslog parsing has been fixed, and a new "type" column has been added to the portscan report.
File Size: 15221
Last Modified: Aug 2 22:02:56 2001
MD5 Checksum: 39dc7f0601093ac0b24fdb22efa8ad3f

File Name: snort-rep-1.2.tar.gz
Description: snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions of whitehats.com.
Homepage: http://people.ee.ethz.ch/~dws/software/snort-rep
File Size: 15073
Last Modified: Jul 21 00:49:04 2001
MD5 Checksum: 95ba9f128647355241f09664c0685ef5

File Name: snort-1.8-RELEASE.tar.gz
Description: Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
Author: Martin Roesch
Homepage: http://www.snort.org
Changes: New stable release! Includes Stateful inspection and TCP stream reassembly module, a high performance IP defragmenter module, and a high performance unified binary output module. Tagging now allows hosts that trip events to be tracked/logged. Unique Rule IDs for every Snort rule and new printout code make machine processing of Snort output much easier. Classifications and Priorities have been added to rules language. Now detects ARP spoofing. A new telnet normalization plugin defeats telnet and ftp evasion techniques. A RPC normalization plugin defeats RPC fragmentation evasion techniques. Full changelog available here.
File Size: 896440
Last Modified: Jul 10 19:15:10 2001
MD5 Checksum: f7bfe64e82a05605d3941fb20325c2e3

File Name: idscenter.exe
Description: IDSCenter v1.08c is a panel for SNORT-Win32, a tool for managing, controlling, and monitoring the Snort IDS. IDScenter supports alarm sound functions and has error checking procedures. If Snort is killed, IDScenter restarts Snort immediately.
Author: Ueli Kistler
Homepage: http://www.eclipse.fr.fm/snort.htm
Changes: An email alert system has been added.
File Size: 691828
Last Modified: May 31 17:40:24 2001
MD5 Checksum: fddcecc47d697265cc0875a70650bc8e

File Name: incident-1.3.tar.gz
Description: Incident.pl is a small script that, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
Homepage: http://www.cse.fau.edu/~valankar
Changes: Some output formatting has been fixed, and SIGINT (ctrl-c) will do some cleanup before dying. This version has stricter parsing of the subject when doing email followup, and shows whether XWD failed or succeeded. An example email that is sent to the archive has been added. "security[at]" and "noc[at]" have been added to emails that are notified, and configuration can now be specified in a configuration file.
File Size: 10885
Last Modified: May 14 14:00:06 2001
MD5 Checksum: 24ba0152a526c533dd7426d3f6aba379

File Name: razorback-0.1.1.tar.gz
Description: Razorback is a log analysis program for Gnome which interfaces with the Snort Intrusion Detection System to provide real time visual notification when an intrusion signature has been detected on the network. Screenshot here.
Homepage: http://www.intersectalliance.com/projects/index.html
Changes: Preference bug fixed.
File Size: 285781
Last Modified: Apr 10 20:13:06 2001
MD5 Checksum: 269e78129b2fbb2d2e248940a92cdf49

File Name: incident-1.2.tar.gz
Description: incident.pl is a small script that, when given logs generated by snort, can generate an incident report for every event that appears to be an attempted security attack, and report the attack to the appropriate administrators.
Homepage: http://www.cse.fau.edu/~valankar/
Changes: The recipients of reports are now logged in a file. Non-standard characters were removed from email addresses.
File Size: 17315
Last Modified: Apr 6 19:10:48 2001
MD5 Checksum: 54aecdf77f19f64604ba822a834d1f6a

File Name: incident-1.1.tar.gz
Description: incident.pl is a small script that, when given logs generated by snort, can generate an incident report for every event that appears to be an attempted security attack, and report the attack to the appropriate administrators.
Homepage: http://www.cse.fau.edu/~valankar/
Changes: The recipients of reports are now logged in a file. Non-standard characters were removed from email addresses.
File Size: 16199
Last Modified: Mar 21 15:36:24 2001
MD5 Checksum: 9e2aaf2b4ba1a9638beda62d0a8fbdba

File Name: incident-1.0.tar.gz
Description: incident.pl is a small script that, when given logs generated by snort, can generate an incident report for every event that appears to be an attempted security attack, and report the attack to the appropriate administrators.
Homepage: http://www.cse.fau.edu/~valankar/
File Size: 15958
Last Modified: Mar 4 22:56:02 2001
MD5 Checksum: e24f92b903343b7b9e81dbd61538787f

File Name: snort_stat.pl
Description: snort_stat.pl v1.14 (Feb 2001) does statistical analysis on snort logfiles. It is set up to process the syslog alerts that Snort creates and generate a bunch of relevant statistics about the current alerts. If you read the beginning of the script, it tells you how to activate the program as a cron job to provide daily reports of activity recorded by Snort.
Author: Yen-Ming Chen
File Size: 18461
Last Modified: Feb 14 02:48:21 2001
MD5 Checksum: be0cbb81a6359378179761be68522a2a

File Name: snort-1.7-win32-static.zip
Description: Snort 1.7 for Windows - This is a working port of Snort to Windows NT/2000/9x.
Author: Michael Davis
Homepage: http://www.datanerds.net/~mike
Changes: Complete rewrite of snort port, -s to send alerts/logs to a remote syslog server; -E for eventlog; -W to list available interfaces, and some logging bugfixes. Also, this release is not 1.7 exactly, but is a CVS from 2 days ago. This means it includes the Spade fixes and any other bug fixes that were in the CVS version. Source available here.
File Size: 246822
Last Modified: Feb 11 21:59:11 2001
MD5 Checksum: 79d65d8a44223600c2b76ed8a3087b14

File Name: razorback-0.1.0.tar.gz
Description: Razorback is a log analysis program for Gnome which interfaces with the Snort Intrusion Detection System to provide real time visual notification when an intrusion signature has been detected on the network. Screenshot here.
Homepage: http://www.intersectalliance.com/projects/index.html
File Size: 285818
Last Modified: Feb 5 20:06:01 2001
MD5 Checksum: 2225141d4aaa79df5dc8aadcda01ee11

File Name: idscenter.zip
Description: Unavailable.
File Size: 581600
Last Modified: Jan 26 02:40:20 2001
MD5 Checksum: 24e7aa9772a9a5fbece3a70d2abe90af

File Name: snort-1.7.tar.gz
Description: Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
Author: Martin Roesch
Homepage: http://www.snort.org
Changes: New stable release! Features dynamic rules (rules that can turn on other rules), a Statistical Anomaly Detection preprocessor, a TCP stream reassembly preprocessor, XML output plugin, Oracle DB plugin, improved IP defragmentation preprocessor, HTTP decode preprocessor can now detect IIS/UNICODE attacks, Four new detection plugins (react, reference, fragbits, tos), Rules language now supports IP address lists, user configurable action types, and updated documentation.
File Size: 653702
Last Modified: Jan 5 21:17:06 2001
MD5 Checksum: 0eae2f987f663a2fbf236e38d1f8e960

File Name: IDMEF-xml-plugin_0.1.tar.gz
Description: Intrusion Detection Message Exchange Format (IDMEF) XML output plugin for Snort - Produces IDMEF messages in response to events triggering Snort rules. It is configured in a standard Snort configuration file, and can run concurrently with existing Snort logging output.
Author: Joe McAlerney
Homepage: http://www.silicondefense.com/idwg/snort-idmef
File Size: 57423
Last Modified: Dec 15 17:52:10 2000
MD5 Checksum: 8a70dd0d26986bb8f7915e1f3d2935f7

File Name: snortrt_stat.pl
Description: Unavailable.
File Size: 16876
Last Modified: Nov 22 18:17:45 2000
MD5 Checksum: d28f5879352e5968d577aa3baf2469b5

File Name: pgsql_php3
Description: This is a PHP script which goes to the database (PostgreSQL) and generates some statistics from the data. For more info see this snortdb page.
Author: Yen-Ming Chen
Homepage: http://xanadu.incident.org
File Size: 18924
Last Modified: Nov 14 16:39:30 2000
MD5 Checksum: 60b87f3b1313543c52c6070d66a776fa

File Name: ruleset-retrieve.c
Description: Ruleset-retrieve obtains the newest Snort IDS ruleset from www.snort.org or whitehats.com and inserts your IP address into the appropriate areas.
Author: Vacuum
Homepage: http://www.technotronic.com
File Size: 4599
Last Modified: Nov 4 20:16:11 2000
MD5 Checksum: 9298f47430375c73ff07b095ce849deb
