Category: Hostile Code » Detection

Viralator Proxy Virus Scanner
Added 2001-11-13
Viralator interfaces your network's Squid proxy server with a virus scanner. Before a user can download a file, the proxy passes the file to the Viralator script which, in turn, uses a virus scanner (Inoculate for the first release) to scan, disinfect, or delete the download. This is especially good for stopping virus-infected files from free email sites such as Hotmail. Future enhancements will include other types of antivirus scanners, speed improvements, and limiting downloads to approved users. Support has now been added for AntiVir, AVP, RAV, and Sophos antivirus scanners, password-protected sites, and filenames with spaces and special characters.

PEriscope
Added 2001-10-30
PEriscope is a PE file inspection tool. For example, you can use it as an aid when you are looking for malicious code in files.

KSTAT - Kernel Security Therapy Anti-Trolls
Added 2001-10-22
A tool for finding an attacker in your system by direct analysis of the kernel through /dev/kmem, bypassing the intruder's hiding techniques (static kernel recompilation or use of LKMs). Kstat can find the syscalls that were modified by an LKM, list the linked LKMs, query one or all of the system's network interfaces, list all the processes, and much more.

Sentinel Security Toolkit
Added 2001-10-22
Sentinel is a fast file scanner similar to Tripwire or Viper with built-in authentication using the RIPEMD 160-bit MAC hashing function. It uses a single database similar to Tripwire, maintains file integrity using the RIPEMD algorithm, and also produces secure, signed logfiles. Its main design goal is to detect intruders modifying files. It also prevents intruders with root/superuser permissions from tampering with its log files and database. Disclaimer: this is not a security toolkit. It is a single-purpose file/drive scanning program.
Available versions are for Linux (tested on all current Slackware and RedHat releases), with Irix versions soon to be added.

Prelude
Added 2001-10-22
Prelude is a Network Intrusion Detection system. It is composed of the Prelude and Prelude Report programs. The first is for packet capture and data analysis, the second for reporting attacks in a user-readable form. Other important current features of Prelude are an IP defragmentation stack and detection plugins with persistent state.

BlackList Scanner
Added 2001-10-22
The advantages of automated blacklist scanning include:
- New lists can be incorporated immediately
- Many NT servers can force a scan of the attaching system at logon
- Extraordinary flexibility, e.g. scan all drives or just C: at the drop of a hat (or by editing a batch file)
- Very high speed
- Very compact for wide distribution
- Component testability, not just a magic package that may work and often fails
- Extensibility into other areas/applets with River Techniques (tm)

ImSafe - Host Based Anomaly Detection
Added 2001-10-22
Immune Security Architecture for Your Enterprise: detects changes in the "normal" behavior of processes (e.g. an FTP server). It uses a kernel driver to monitor system calls and build a "profile" of the monitored application, with fast heuristics for detection of buffer overflows.

Ramenfind
Added 2001-10-22
Bill Stearns is working on a shell script that both detects and removes the Ramen Virus from RedHat machines. Even though the media has made a big deal about the Ramen Virus, I am afraid that this shell script solution may be overlooked. This shell script is not just for the security community but for the RedHat community as a whole.

Code Red v3 (aka Code Red II) Fix
Added 2001-10-22
CD3FIX.EXE - Code Red v3 Trojan Removal & Script Mapping Remediation Utility (rpuckett@cisco.com)
1. Looks for active EXPLORER.EXE processes and deletes those that have an execution path from the root of C:\ or D:\
2. Unhides and deletes EXPLORER.EXE files in the root of C:\ & D:\, and deletes ROOT.EXE in the /scripts and /MSADC directories
3. Removes SFCDisable from the Winlogon subkey of HKLM
4. Repairs the "...,,217" extensions from any of the values in the Virtual Root subkey of /W3SVC
5. Checks for static mappings in the ScriptMap subkey
6. Iterates the IIS 5.0 Metabase for .IDC, .IDA & .IDQ extension mappings and removes them
7. Creates a log file on C:\ (C:\cd3fix.log)
8. Reboots the box

NFR BackOfficer Friendly
Added 2001-10-22
NFR® BackOfficer Friendly is a useful little burglar alarm - simple, unobtrusive, and easy to install - which rings when someone rattles your doorknob. It identifies attacks from Back Orifice, one of the nastier hacking applications, as well as other sorts of scans. NFR is currently offering BackOfficer Friendly as a FREE download for personal use only.