Category: Hostile Code
Iridium Firewall is an ipchains-based Linux 2.2 packet-filtering firewall designed for use on a gateway server protecting an internal LAN of masqueraded devices. It provides protection from many (I won't say all) forms of Denial of Service attacks, IP Spoofing, Stuffed Routing, Stuffed Masquerading, SYN Cookie attacks, damaged or hostile ICMP packets, and packet fragmentation, among others. It protects from attacks on several well-known Trojan Horse and illegal ports as well as attempted connections from bogus, reserved or illegal IP addresses.
QuarantineAttachment is a short procmail(1) script to quarantine e-mail with potentially malicious Outlook attachments.
Virge is a mail scanner written in C. It requires Sendmail, and AVPDaemon, Sophie, or Trophie (for virus checking). It can check mail for viruses, and also for attachment names (regular expressions, full names, etc). It scans mail for viruses very quickly, since the virus scanners used are always loaded in memory.
Viralator Proxy Virus Scanner
Viralator interfaces your network's squid proxy server with a virus scanner. Before a user can download a file, the proxy passes the file to the Viralator script which, in turn, uses a virus scanner (Inoculate for the first release) to scan, disinfect, or delete the download. This is especially good for stopping virus-infected files from free email sites like Hotmail, etc. Future enhancements will include other types of antivirus scanners, speed improvements, and limiting downloads to approved users. Support has now been added for AntiVir, AVP, RAV, and Sophos antivirus scanners, password-protected sites, and filenames with spaces and special characters.
PEriscope is a PE file inspection tool. For example, you can use it as an aid when you are looking for malicious code in files.
NFR BackOfficer Friendly
NFR® BackOfficer Friendly is a useful little burglar alarm - simple, unobtrusive, and easy to install - which rings when someone rattles your doorknob. It identifies attacks from Back Orifice, one of the nastier hacking applications, as well as other sorts of scans. NFR is currently offering BackOfficer Friendly as a FREE download for personal use only.
IIS Worms Detector
IIS Worms Detector scans the local machine for the Code Red, Code Blue and Nimda worms.
Worm Report 1.2
Worm Report is a very simple Perl script to filter out the known worm hits from the access log, and put them into their own files named for the IP/Host that has been "wormed". A basic report containing the count, hostname, IP, and a guess at the parent domain is then printed to STDOUT to facilitate contacting these individuals. This script is useful in the short term to get the info to the people who need it. Adding a new worm requires adding a new worm hit string to the DATA section of the script, nothing so fancy (or exhaustive) as an Apache module.
Retina Nimda Scanner
The Retina Nimda Scanner is a tool created by eEye Digital Security that is able to scan up to 254 IP addresses at once and determine if any are vulnerable to the "Nimda Worm". If a machine or server is found to be vulnerable to the Nimda Worm, the Retina Nimda Scanner will flag the IP address.
Nimda Notifyer is a Perl script that will automatically send the netblock coordinator an email each time a specific URL is requested. This is meant to pressure system administrators who either don't care about the scanning or are unaware of it. The default email lists 3 URLs where more information can be found, and even greets recipients with their names (if listed properly in the netblock information).