Fingerprinting Port 80 Attacks - A look into web server and web application attack signatures, Part Two. Includes fingerprints, advanced fingerprints, cross site scripting examples, modified headers, more encoding, web server response codes and logging, and more.
d97f5503f10321059cd43269ac5f60529aabdbc377241beee4a5c1b65a186534
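The point of the "more encoding" material is that a signature matched against the raw request line misses the same attack once it is percent-encoded, double-encoded or written with backslashes, so the log has to be normalized before the fingerprint is applied. The following is an added example written for this listing (not code from the paper): it parses constructed Apache combined-format log lines, decodes the request URI in bounded rounds, canonicalizes separators, and reports which substring signatures hit on the raw URI versus the normalized one. The signature set and the sample requests are assumptions chosen for the illustration.

```python
import re
from urllib.parse import unquote

# Apache combined log: client, ident, user, [time], "method uri proto", status, bytes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) (\S+)" (\d{3}) (\S+)')

# Substring signatures checked against the lowercased URI. Illustrative set,
# not the paper's list.
SIGNATURES = {
    "traversal": "../",
    "xss": "<script",
    "cmd_exec": "cmd.exe",
    "passwd": "/etc/passwd",
    "null_byte": "\x00",
}

# Constructed log lines (not real traffic): encoded XSS, double-encoded
# traversal to cmd.exe, a benign request, and a traversal with a null byte.
SAMPLE_LOG = """\
203.0.113.9 - - [11/Mar/2002:10:15:01 -0500] "GET /cgi-bin/search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.0" 200 512
203.0.113.9 - - [11/Mar/2002:10:15:02 -0500] "GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
198.51.100.4 - - [11/Mar/2002:10:15:03 -0500] "GET /index.html HTTP/1.1" 200 2048
203.0.113.9 - - [11/Mar/2002:10:15:04 -0500] "GET /cgi-bin/view?file=..%2f..%2f..%2fetc%2fpasswd%00 HTTP/1.0" 500 -
"""


def normalize(uri, rounds=3):
    """Percent-decode until the URI stops changing (bounded to defeat
    endless re-encoding), map '\\' to '/', collapse '//' and lowercase."""
    prev = None
    for _ in range(rounds):
        if uri == prev:
            break
        prev = uri
        uri = unquote(uri.replace("+", " "))
    uri = uri.replace("\\", "/")
    while "//" in uri:
        uri = uri.replace("//", "/")
    return uri.lower()


def match(uri):
    """Return the sorted signature names whose pattern occurs in uri."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in uri)


def analyze_log(lines):
    """Parse each log line and report raw versus normalized signature hits."""
    results = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _when, method, uri, _proto, status, _size = m.groups()
        results.append({
            "client": client,
            "method": method,
            "uri": uri,
            "status": int(status),
            "raw_hits": match(uri.lower()),
            "normalized_hits": match(normalize(uri)),
        })
    return results


if __name__ == "__main__":
    for r in analyze_log(SAMPLE_LOG.splitlines()):
        print(r["client"], r["status"], r["raw_hits"], "->", r["normalized_hits"])
```

The status code is carried through because a traversal signature that returned 200 deserves a different response from one the server answered with 404; the comparison of raw_hits and normalized_hits shows which requests a plain substring grep would have missed.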
Increasing Performance in High Speed NIDS is a paper discussing a number of methods to increase performance in Snort and in NIDS in general. It discusses the bottlenecks Snort has, gives a brief history of Snort pattern matching and the work Silicon Defense did with Aho-Corasick and Boyer-Moore, and contrasts network grep with protocol analysis.
337737f0c2eeefdc2058b99a8043d983e504f5cd46712753df479953689227e6
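The multi-pattern matching the paper discusses is easiest to see next to the naive approach it replaces: scanning the payload once per rule content string costs time proportional to the number of patterns, whereas an Aho-Corasick automaton walks the payload once and reports every pattern. The following is an added illustration, not Snort's or Silicon Defense's code; the patterns and the packet payload are constructed for the example.

```python
from collections import deque


class AhoCorasick:
    """Multi-pattern byte matcher: build once, then scan each payload in a
    single pass regardless of how many patterns are loaded."""

    def __init__(self, patterns):
        self.goto = [{}]   # state -> {byte: next state}
        self.fail = [0]    # state -> fallback state on mismatch
        self.out = [[]]    # state -> patterns ending here
        for pat in patterns:
            self._add(bytes(pat))
        self._build_failure_links()

    def _add(self, pat):
        s = 0
        for b in pat:
            if b not in self.goto[s]:
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
                self.goto[s][b] = len(self.goto) - 1
            s = self.goto[s][b]
        self.out[s].append(pat)

    def _build_failure_links(self):
        # Breadth-first so a state's fail target is finished before the state.
        queue = deque(self.goto[0].values())
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                # Inherit outputs of the suffix state so nested patterns fire.
                self.out[s] = self.out[s] + self.out[self.fail[s]]

    def search(self, data):
        """Return (offset, pattern) for every occurrence in data."""
        s = 0
        hits = []
        for i, b in enumerate(data):
            while s and b not in self.goto[s]:
                s = self.fail[s]
            s = self.goto[s].get(b, 0)
            for pat in self.out[s]:
                hits.append((i - len(pat) + 1, pat))
        return hits


def naive_search(patterns, data):
    """Network-grep style: one full pass over the payload per pattern."""
    hits = []
    for pat in patterns:
        start = 0
        while True:
            i = data.find(pat, start)
            if i < 0:
                break
            hits.append((i, pat))
            start = i + 1
    return hits


# Constructed rule content strings and a constructed HTTP request payload.
PATTERNS = [b"cmd.exe", b"../", b"/etc/passwd", b"%255c", b"dir", b"uid=0"]
PAYLOAD = b"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n"

if __name__ == "__main__":
    ac = AhoCorasick(PATTERNS)
    for off, pat in sorted(ac.search(PAYLOAD)):
        print(off, pat)
```

Both functions return the same set of hits; the difference is that search() touches each payload byte once, which is what matters at the packet rates the paper is concerned with. The automaton is still a content grep, though: it knows nothing about where an HTTP request line ends or a URI begins, which is the gap protocol analysis fills.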
HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designer's Openwall patches are installed. Changes include some extra information in the printks, the ability to allow hard links to files you don't own which are in your group, and the ability to follow links and pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and for secure drop-directory setups.
552dd35b52705c6f4314d2fbacd357c66afb6fdeeaacea6b3e9985d2b2b25b81
RSTunnel (Reliable SSH Tunnel) allows you to tunnel data between two networks through a secure, encrypted tunnel. It uses SSH to connect the two machines. It sets up the tunnel for you and makes sure that it is constantly running.
664cc131289c8e42c28c00f231c24b43fc2c55c29b427ad43306af3ccb6f6f63
Bubblegum is a daemon written in C which watches a file's access, modification, and inode change times, logging the changes. It can run an external command, read files from a filelist, and more.
5c7e9df2bb329004b551a8c035de176728b73494dc8b559eafe3ccef9cc05c2d
Inflex is an email scanner which encapsulates your existing sendmail server setup. It scans both incoming and outgoing email and does not alter your current /etc/sendmail.cf file. It can scan for email viruses, unwanted file types (e.g. EXE, BMP, MPEG) and file names (e.g. prettypark.exe). It can also be used to scan for text snippets within emails.
081157339b10c1e6e2d4fcbcf3f668f6641cd25e850ce885b40c31d5bbad5b2f
Port Scan Attack Detector (psad) is a perl program that is designed to work with the Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily launched against a machine via nmap.
f4e767a6110c60ff573cdd77614f19988e581e8cdcc0da5e04b0ec1d35e4ef7d
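To show what psad's alerting is built from, here is an added example (not psad's own code) that reads constructed iptables LOG lines, aggregates packets per source, assigns a danger level from a packet-count threshold table, infers the scan type from the TCP flags and maps it to the corresponding nmap option, and produces the iptables rule that would block the source. The log lines, the threshold table and the flag-to-scan mapping are assumptions chosen for this illustration; psad's real defaults may differ.

```python
import re
from collections import Counter, defaultdict

# Constructed iptables LOG output (not real traffic): a SYN sweep from one
# host, an Xmas probe burst from another, and two benign packets.
SAMPLE_LOG = """\
Mar 11 10:15:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=1 PROTO=TCP SPT=40000 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 11 10:15:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=2 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 11 10:15:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=3 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 11 10:15:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=4 PROTO=TCP SPT=40000 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 11 10:15:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=5 PROTO=TCP SPT=40000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 11 10:15:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=6 PROTO=TCP SPT=40000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 11 10:15:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=7 PROTO=TCP SPT=5555 DPT=135 WINDOW=1024 RES=0x00 FIN PSH URG URGP=0
Mar 11 10:15:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=8 PROTO=TCP SPT=5555 DPT=139 WINDOW=1024 RES=0x00 FIN PSH URG URGP=0
Mar 11 10:15:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=9 PROTO=TCP SPT=5555 DPT=445 WINDOW=1024 RES=0x00 FIN PSH URG URGP=0
Mar 11 10:15:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=10 PROTO=TCP SPT=5555 DPT=1433 WINDOW=1024 RES=0x00 FIN PSH URG URGP=0
Mar 11 10:15:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=11 PROTO=TCP SPT=5555 DPT=3389 WINDOW=1024 RES=0x00 FIN PSH URG URGP=0
Mar 11 10:15:03 fw kernel: IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=12 PROTO=TCP SPT=51000 DPT=80 WINDOW=65535 RES=0x00 ACK URGP=0
Mar 11 10:15:04 fw kernel: IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13 PROTO=UDP SPT=53000 DPT=53 LEN=40
"""

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")
# Whole-word match so URGP=0 is not mistaken for the URG flag.
FLAG_RE = re.compile(r"\b(SYN|ACK|FIN|RST|PSH|URG)\b")

# Flag combination -> (scan name, nmap option that produces it). Assumed mapping.
SCAN_TYPES = {
    frozenset({"SYN"}): ("syn", "-sS"),
    frozenset({"FIN"}): ("fin", "-sF"),
    frozenset({"FIN", "PSH", "URG"}): ("Xmas", "-sX"),
    frozenset(): ("null", "-sN"),
}

# (packets from one source, danger level). Example thresholds, not psad's defaults.
DANGER_THRESHOLDS = [(5, 1), (15, 2), (150, 3), (1500, 4), (10000, 5)]


def parse_log_line(line):
    """Extract src, dst, destination port and TCP flags; None for non-TCP."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("PROTO") != "TCP" or "DPT" not in fields:
        return None
    return {"src": fields["SRC"], "dst": fields["DST"],
            "dport": int(fields["DPT"]), "flags": frozenset(FLAG_RE.findall(line))}


def danger_level(packets):
    level = 0
    for threshold, lvl in DANGER_THRESHOLDS:
        if packets >= threshold:
            level = lvl
    return level


def analyze(lines, min_level=1):
    """Aggregate per source and return alerts at or above min_level."""
    per_src = defaultdict(lambda: {"packets": 0, "ports": set(), "flagsets": Counter()})
    for line in lines:
        p = parse_log_line(line)
        if p is None:
            continue
        s = per_src[p["src"]]
        s["packets"] += 1
        s["ports"].add(p["dport"])
        s["flagsets"][p["flags"]] += 1
    alerts = {}
    for src, s in per_src.items():
        level = danger_level(s["packets"])
        if level < min_level:
            continue
        dominant = s["flagsets"].most_common(1)[0][0]
        name, nmap_opt = SCAN_TYPES.get(dominant, ("other", "n/a"))
        alerts[src] = {"level": level, "packets": s["packets"],
                       "port_range": (min(s["ports"]), max(s["ports"])),
                       "scan": name, "nmap": nmap_opt}
    return alerts


def block_rule(src):
    """iptables rule that drops further traffic from the scanning source."""
    return f"iptables -I INPUT -s {src} -j DROP"


if __name__ == "__main__":
    for src, a in analyze(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: level {a['level']}, {a['scan']} scan (nmap {a['nmap']}), "
              f"ports {a['port_range'][0]}-{a['port_range'][1]}  ->  {block_rule(src)}")
```

The single ACK from 192.0.2.50 never reaches the threshold, which is the role the danger levels play: a lone dropped packet is noise, a burst across many ports is a scan. Auto-blocking from a log line is only safe when the source address is believed; a spoofed SYN scan can otherwise be used to have the firewall block an arbitrary third party.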
Winfingerprint v0.4.2 - Advanced remote Windows OS detection. Current features: determine OS using SMB queries, PDC (Primary Domain Controller), BDC (Backup Domain Controller), NT member server, NT Workstation, SQL Server, Novell Netware Server, Windows for Workgroups, Windows 9X; enumerate servers; enumerate shares including administrative ($) shares; enumerate global groups; enumerate users; display active services; scan the Network Neighborhood; establish a NULL IPC$ session with a host; query the registry (currently determines Service Pack level and applied hotfixes). Runs on Windows NT and 2000.
576b985dc188d8e02c684991d4af845233d5774a13faea6d889c42aa68b44b4d
The Xerver Free Web Server v2.10 contains file disclosure and denial of service vulnerabilities. Platforms affected include Windows, Linux, BSD, Solaris, and Mac. Exploits included.
38182b4e729c84958d0fc82d0597349a14e9eea6c1efb3b69df525ff368496eb
Microsoft Security Advisory MS02-014 - A buffer overflow in the Windows shell can be used by attackers to execute arbitrary code if certain applications have been installed and then uninstalled. Microsoft FAQ on this issue available here.
62bbeae6144ce2eecc3e2b3ca85ce87e3776b2322efcd1485d5ca7be8d4d9f71
FreeBSD Security Advisory FreeBSD-SA-02:13 - OpenSSH v2.0 through v3.0.2p1 contains an exploitable off-by-one error which allows authenticated users to run code on the server as root. A malicious server may also be able to cause a connecting ssh client to execute arbitrary code with the privileges of the client user.
6e00a15a25f7c776b080a9774af5d1a759451941a7cc0974c0c1dd73246b699c