|
(Page 4 of 4) < Prev 1 2 3 4 Category: Auditing » Network » Trojans & Backdoors XploiterStat Lite Added 2001-10-22 XploiterStat Lite is a freeware network management tool in a similar vein to the dos program 'Netstat.exe' - i.e. shows all the connections to your machine, listening ports (identifying trojans) etc. allowing you the user to see TCP/UDP & ICMP connections are present on your machine. This is the latest release of the program formerly known as Totostat Enhanced. It can be used by networking professionals to determine what connections are on the machine at any time along with all the ports that may be listening (i.e. services, trojan horses etc.). rvscan (remote vulnerability scanner) Added 2001-10-22 scans a unix system for just about every remote vulnerability currently being used by hackers. CompaqInsightManager Check & DoS Added 2001-10-22 Checks for the compaqInsightManager webserver which runs on port 2301. -Shows info of the host running the CIM. -Tries to get the 'SAM._' backup-file. -Got a 'DenialOfService' option. Source available in PERL-script. Ported to Win32executable by perl2exe. Atelier Web Security Port Scanner Added 2001-10-22 AWSPS features a very comprehensive set of tools, some of them unique, for in-depth assessment of Network Security: * High-speed TCP Connect scanning engine, with adjustable maximum number of simultaneously opened ports and no-connection time-out adjustment. * High-speed TCP Syn scanning engine for Windows 2000 platforms with TCP/IP and ICMP packet capture, report on pen/Retransmits, Close, Filtered ports, ICMP packet decoding and much more. * Fast reliable UDP Port scanner with intelligent test probing of ports to confirm whether the host is up. * State-of-the-art NetBIOS scanner (AWSPS Professional only). * Unique Mapping of Ports to applications feature (Ports Finder). * Local Connections and Listening Ports instant report. * Local TCP, UDP and ICMP statistics instant report. * Local Active Routes, DNS Servers and Persistent Routes. * Local IP Statistics/Settings instant report. * Local Transport Protocols/Winsock Service Providers list and details. * Local Addressing information table. * Local Net to media information table. * Local Interfaces Statistics/Settings instant report. * Local Network related Local Registry settings. * Comprehensive Local Area Network information, including NetBIOS Names, LANA, Shares, Security Information, Groups/Users and running Services. * The most complete TCP/UDP ports database. * Full-featured Time synchronyzer according to SNTP (RFC 1769), TIME TCP (RFC 868) and TIME UDP (RFC 868). BlackList Scanner Added 2001-10-22 The advantages of automated blacklist scanning include: -New lists can be incorporated immediately -Many NT servers can force a scan for the attaching system at logon -extraordinary flexibility, e.g. either scan all drives or just C: at the drop of a had (or editing a batch file). -Very high speed Very compact for wide distribution -Component testability, not just a magic package that may work and often fails. -Extensibility into other areas/applets with River Techniques (tm) Hogwash Added 2001-10-22 Hogwash is designed to take out 95% of the stock attacks all the kiddies throw at your network. Hogwash lives inline like a firewall, but it works differently. Instead of closing ports like a traditional firewall, it drops or modifies specific packets based on a signature match. Hogwash lives directly on top of the network driver, so it doesn't require an IP stack to work. It stops attacks that can't be blocked by a traditional firewall and can be used to protect systems that are unpatchable for one reason or another. The signature matching engine is based on Snort. Code Red v3 (aka Code Red II) Fix Added 2001-10-22 CD3FIX.EXE Code Red v3 Trojan Removal & Script Mapping Remediation Utility rpuckett@cisco.com 1. Looks for active EXPLORER.EXE processes and deletes those that have an execution path from the root of C:\ or D:\ 2. Unhides and deletes EXPLORER.EXE files in root of C:\ & D:\, deletes ROOT.EXE in /scripts and /MSADC directories 3. Removes SFCDisable from the Winlogon subkey of HKLM 4. Repairs the "...,,217" extensions from any of the values in the Virtual Root subkey of /W3SVC 5. Checks for static mappings in the ScriptMap subkey 6. Iterates the IIS 5.0 Metabase for .IDC, .IDA & .IDQ extension mappings and removes them 7. Creates a log file on C:\ (C:\cd3fix.log) 8. Reboots the box. Extrusion Added 2001-10-22 Extrusion is a kernel module that detects outgoing attacks. It is good for admins running servers that have a lot of users. It detects a user trying to open a raw socket, launch a UDP flood, or portscan. NFR BackOfficer Friendly Added 2001-10-22 NFRŪ BackOfficer Friendly is a useful little burglar alarm - simple, unobtrusive, and easy to install - which rings when someone rattles your doorknob. It identifies attacks from Back Orifice, one of the nastier hacking applications, as well as other sorts of scans. NFR is currently offering BackOfficer Friendly as a FREE download for personal use only. Worm Report 1.2 Added 2001-10-22 Worm Report is a very simple Perl script to filter out the known worm hits from the access log, and put them into their own files named for the IP/Host that has been "wormed". A basic report containing the count, hostname, ip, and a guess at the parent domain is then printed to STDOUT to facilitate contacting these individuals. This script is useful in the short term to get the info to the people who need it. Adding a new worm requires adding a new worm hit string to the DATA section of the script, nothing so fancy (or exhaustive) as an Apache module. Browse by category |
|
|
Privacy Statement |
