Archives Contact Us Search


See our backend page for how you can include this list, sidebars etc. on your site!

DoS-Linux.tar.gzTue Jan 4 00:50:23 2000
Remote denial of service attack against linux kernel 2.2.7 - 2.2.9, in perl. By misteri0
syslog-ng-1.3.11.tar.gzTue Jan 4 00:50:16 2000
syslog-ng as the name shows is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages only to be sorted based on priority/facility pair, syslog-ng adds the possibility to filter based on message contents using regular expressions. The new configuration scheme is intuitive and powerful. Changes: Some HP-UX and tcp related bug fixes. Homepage here. By Balazs Scheidler
imp-range.cTue Jan 4 00:50:09 2000
Tool for scanning networks which generates an list of IP addresses between a starting and ending ip. By Shake
cgichk1_36.cTue Jan 4 00:50:02 2000
Y2k fix for cgicgk-1_35, which would return false positives on any server with a date of 2000. By su1d sh3ll of UnlG
winfingerprint-222.zipTue Jan 4 00:50:01 2000
Winfingerprint 222: Advanced remote windows OS detection. Current Features: Determine OS using SMB Queries, PDC (Primary Domain Controlller), BDC (Backup Domain Controller), NT MEMBER SERVER, NT WORKSTATION, SQLSERVER, NOVELL NETWARE SERVER, WINDOWS FOR WORKGROUPS, WINDOWS 9X, Enumerate Servers, Enumerate Shares including Administrative ($), Enumerate Global Groups, E numerate Users, Displays Active Services, Ability to Scan Network Neighborhood, Ability to establish NULL IPC$ session with host, Ability to Query Registry (currently determines Service Pack Level & Applied Hotfixes. Changes: -m (mass scan) now outputs in framed HTML. This makes the output from large network scans useable for the first time. Homepage here. By Vacuum.
filetraq-0.2.tgzTue Jan 4 00:50:01 2000
FileTraq is a shell script designed to be run periodically from the root crontab. Each time, it compares a list of system files with the copies that it keeps. Any changes are reported in diff or patchfile style, and dated backup copies are kept. It lets you keep an eye on intruders who might change system files, or other sysadmins who don't tell you about changes. It even helps you keep track of your own changes, along with dated backups. Changes: Comment lines are now permitted in the config file, wildcard matches are now possible, and entire directories can be checked. Homepage here. By Jeremy Weatherford
iMailv5.txtTue Jan 4 00:49:22 2000
On iMail Server 5.0 for Windows NT 4.0 SP 6a, a malicous user can read and send emails as any other user on the system. The issue lies in how iMail handles the creating of new email accounts, and how it stores them. Exploit instructions included. By Simon
suse.majordomo.txtTue Jan 4 00:49:15 2000
The mailinglist software "majordomo" was found having several local vulnerabilties. However, the licence of the program prohibites us providing a fix. You should either remove majordomo or trust your local users until an official fix from greatcircles is available. SuSE security website here.
localscan.tar.gzTue Jan 4 00:49:07 2000
Localscan is a Perl-based frontend for nmap. It allows the user to compare the results of an nmap portscan with the results of a previous nmap portscan made when the subnet or IP range being scanned was in a "known-good" configuration. Essentially, localscan allows the user to use a portscanner and ask "What new ports are open?" instead of just asking "What ports are active?" Homepage here. By Dylan Greene
SuSEcompartment-0.5.tar.gzTue Jan 4 00:49:07 2000
SuSE Compartment is a program to build secure compartments for running untrsted/insecure programs, and has got the usual uid/gid setting and chrooting abilitity, but the nice thing is the easy access to linux per process capabilities. Homepage here. By Marc
find_ddosV2.tar.ZTue Jan 4 00:48:52 2000
Find_ddos Version 2 - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools, including the trinoo daemon, trinoo master, enhanced tfn daemon, tfn daemon, tfn client, tfn2k daemon, tfn2k client, and the tfn-rush client. Changes: Detects TFN2k. Homepage here.
sos.tgzTue Jan 4 00:48:51 2000
Socks Scan V 2.0 - Scan a host for SOCKS servers. Includes the SOCKS perl module. By Icehouse
elza-1.4.3.zipTue Jan 4 00:48:35 2000
The ELZA is a scripting language aimed at automating requests on web pages. Scripts written in ELZA are capable of mimicring browser behavoir almost perfectly, making it extremely difficult for remote servers to distinguish their activity from the activity generated by ordinary users and browsers. This gives those scripts the opportunity to act upon servers that will not respond to requests generated using netcat, rebol, telnet or similar tool. As a result, one can hijack heavily protected HTML forms, perform dictionary attacks on login forms, and do sophisticated CGI scanning. Homepage here. By Phillip Stoev
TFN_toolkit.htmTue Jan 4 00:33:02 2000
Analysis of TFN-Style Toolkit v 1.1 - One of our systems was compromised and prompt action by the local sysadmin prevented the hackers from running their cleanup scripts. Consequently, we were able to get the toolkit that they were using against us. This toolkit contains components that are similar to what is in the TFN toolkit. Homepage here. By Randy Marchany
stacheldraht.analysisTue Jan 4 00:25:38 2000
The following is an analysis of "stacheldraht", a distributed denial of service attack tool, based on source code from the "Tribe Flood Network" distributed denial of service attack tool. Stacheldraht (German for "barbed wire") combines features of the "trinoo" distributed denial of service tool, with those of the original TFN, and adds encryption of communication between the attacker and stacheldraht masters and automated update of the agents. Homepage here. By David Dittrich
CA-2000-01.distributedTue Jan 4 00:19:35 2000
CERT Advisory CA-2000-01 - Denial-of-Service Developments. A distributed denial-of-service tool called "Stacheldraht" has been discovered on multiple compromised hosts at several organizations. X-Force released a paper on trin00 and TFN. CERT DoS homepage here.
ezwfw.isoSun Jan 2 11:33:53 2000
The SPIRO-Linux EZ-Way Firewall allows you to setup and maintain a firewall easily, and without much strain on resources. It can be set up on a 486 with 8MB RAM, although a much more robust system is recommended for larger networks. This is meant to be a drop in replacement for the expensive and restrictive Firewall products available on the commercial market today. Homepage here. By Rick Collette
aide-0.5.tar.gzSun Jan 2 11:27:58 2000
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determening which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with. Changes: MD5 sums are now correct. Users must update their databases; they have false sums. With hash library support, you can have many more hash algorithms, and many bugfixes have been made. Note that the author's PGP keys have changed. Homepage here. By Rami Lehti
squidtaild.2.1a2.tgzSun Jan 2 11:20:56 2000
Squidtaild is a Squid log file monitoring program that will crosscheck new access.log entries with user-defined filters and report all hits (using HTML pages, email, or winpopups). It is ideal for schools and businesses that wish to monitor their Internet activity for policy violations (that can be custom generated). Changes: This complete Perl rewrite of Trailer is faster, more flexible, and offers more options. Homepage here. By Stefan Folkerts
psftp-0.15.full.tar.gzSun Jan 2 11:14:46 2000
Psftp is an FTP client that uses ssh 1.x as its backend. Thus, all file transfers and communications using it are encyrpted and secure. It provides a command-line FTP interface on top of scp and ssh. Changes: The ssh interface code has been rewritten (this should speed things up tremendously), auto-detection of the authentication method has been improved, history is now saved, remote file completion has been added, and some misc. bugs have been fixed. Homepage here. By Nadeem Riaz

Copyright © 1999 Kroll-O'Gara Information Security Group, All Rights Reserved. Legal Notice