Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 03:49:48 GMT

scanlogd-2.2.6.tar.gz
http://packetstormsecurity.org/files/44668/scanlogd-2.2.6.tar.gz
http://packetstormsecurity.org/files/44668/scanlogd-2.2.6.tar.gz.html
Wed, 15 Mar 2006 04:55:02 GMT
Scanlogd is a TCP port scan detection tool originally designed to illustrate various attacks an IDS developer has to deal with, for a here.

scanlogd-2.2.5.tar.gz
http://packetstormsecurity.org/files/33731/scanlogd-2.2.5.tar.gz
http://packetstormsecurity.org/files/33731/scanlogd-2.2.5.tar.gz.html
Mon, 05 Jul 2004 10:10:00 GMT
Scanlogd is a TCP port scan detection tool originally designed to illustrate various attacks an IDS developer has to deal with, for a here.

scanlogd-2.2.4.tar.gz
http://packetstormsecurity.org/files/33476/scanlogd-2.2.4.tar.gz
http://packetstormsecurity.org/files/33476/scanlogd-2.2.4.tar.gz.html
Thu, 03 Jun 2004 17:47:58 GMT
Scanlogd is a TCP port scan detection tool originally designed to illustrate various attacks an IDS developer has to deal with, for a here.

scanlogd-2.2.tar.gz
http://packetstormsecurity.org/files/23566/scanlogd-2.2.tar.gz
http://packetstormsecurity.org/files/23566/scanlogd-2.2.tar.gz.html
Mon, 13 Nov 2000 08:05:04 GMT
Scanlogd v2.1 is a TCP port scan detection tool for Linux, originally designed to illustrate various attacks an IDS developer has to deal with, for a here.

scanlogd-2.1.tar.gz
http://packetstormsecurity.org/files/17711/scanlogd-2.1.tar.gz
http://packetstormsecurity.org/files/17711/scanlogd-2.1.tar.gz.html
Tue, 25 Apr 2000 20:51:47 GMT
Scanlogd v2.1 is a TCP port scan detection tool for Linux, originally designed to illustrate various attacks an IDS developer has to deal with, for a here.

scandetd-1.1.3.tar.gz
http://packetstormsecurity.org/files/10783/scandetd-1.1.3.tar.gz
http://packetstormsecurity.org/files/10783/scandetd-1.1.3.tar.gz.html
Thu, 16 Dec 1999 21:42:23 GMT
Watches for TCP connections and records state for the past 1 second - if multiple connections occur from the same host, an internal counter is increased for that IP. If the counter reaches some value (which can be changed in a #define), scandetd will send email to the administrator. Information sent includes time, IP address, number of connections made, first and last connection times, and guessed type of scan (SYN/FIN). Logs to syslog by default. Configurable to allow trusted addresses. Tested under Linux - possibly SunOS and FreeBSD.

klaxon12.tar.gz
http://packetstormsecurity.org/files/10769/klaxon12.tar.gz
http://packetstormsecurity.org/files/10769/klaxon12.tar.gz.html
Sun, 12 Dec 1999 22:30:35 GMT
Modified rexec source - captures ident information upon being portscanned. Does not actually emulate services other than listening at certain TCP ports. This is reported to work under Solaris 2.x and possibly Linux. Now modified to provide limited counterintelligence (ident query back to source).

detect-scans-0.70.tar.bz2
http://packetstormsecurity.org/files/13176/detect-scans-0.70.tar.bz2
http://packetstormsecurity.org/files/13176/detect-scans-0.70.tar.bz2.html
Tue, 17 Aug 1999 00:06:07 GMT
This logs and notifies you of portscans run against your host. Some kinds of D.o.S attacks might also get logged.

detect-scans-0.80.tar.gz
http://packetstormsecurity.org/files/13177/detect-scans-0.80.tar.gz
http://packetstormsecurity.org/files/13177/detect-scans-0.80.tar.gz.html
Tue, 17 Aug 1999 00:06:07 GMT
detect-scans v0.80 logs and notifies you of portscans run against your host. Some kinds of D.o.S attacks might also be logged.

Fakeserv1-1.zip
http://packetstormsecurity.org/files/13175/Fakeserv1-1.zip
http://packetstormsecurity.org/files/13175/Fakeserv1-1.zip.html
Tue, 17 Aug 1999 00:06:07 GMT
Fake Service version 1.1 - Fakes a Wingate service and Sendmail service, and listens for and logs scans on those ports.

klaxon.tar.gz
http://packetstormsecurity.org/files/13181/klaxon.tar.gz
http://packetstormsecurity.org/files/13181/klaxon.tar.gz.html
Tue, 17 Aug 1999 00:06:07 GMT
Here's a modification of rexec that I call klaxon. Instead of actually executing anything, it returns a benign error to the caller, and syslogs the calling host, username, and name of attempted service access. It's also extremely useful for detecting portscanner attacks like those perpetrated by ISS and SATAN. Ident support (RFC931) is currently optional. klaxon is useful in place of any tcp or udp service port where you would not suspect activity. For Solaris2.X machines it will also work on the rpc.rexd port.

portwatch.zip
http://packetstormsecurity.org/files/13188/portwatch.zip
http://packetstormsecurity.org/files/13188/portwatch.zip.html
Tue, 17 Aug 1999 00:06:07 GMT
Portwatch - acts as a server, just sits on a port and waits for connections.

rwxbo.c
http://packetstormsecurity.org/files/13189/rwxbo.c
http://packetstormsecurity.org/files/13189/rwxbo.c.html
Tue, 17 Aug 1999 00:06:07 GMT
RWX Back Orifice Sweep Scanner - RWXBO is a simple program that will log attempts to scan your IP range, and logs some commands that the attacker might type.

scandetd.c
http://packetstormsecurity.org/files/13192/scandetd.c
http://packetstormsecurity.org/files/13192/scandetd.c.html
Tue, 17 Aug 1999 00:06:07 GMT
Scandetd is a port scan detection daemon that waits for incoming TCP connections and tries to recognize port scans. If tripped, scandetd sends email to root@127.0.0.1 with the time, attacking host, number of connections made, and port of the first and last connections. Easy on system resources; for Linux; initial release. 6k.

scandetect.pl.txt
http://packetstormsecurity.org/files/13193/scandetect.pl.txt
http://packetstormsecurity.org/files/13193/scandetect.pl.txt.html
Tue, 17 Aug 1999 00:06:07 GMT
Basic, but effective Perl-based portscan detector.

scandetect1.1.pl.txt
http://packetstormsecurity.org/files/13194/scandetect1.1.pl.txt
http://packetstormsecurity.org/files/13194/scandetect1.1.pl.txt.html
Tue, 17 Aug 1999 00:06:07 GMT
Latest release of J-Dog's portscan detector, now with the following features: uses nmap, queso, and nmbnamex to resolve remote "attacking/scanning" IP to a hostname, perform a tcp connect() scan on the remote host, grab the NetBIOS name of the scanner, and then use Queso to determine the OS of the remote host.

scanlogd-v1.2.c.gz
http://packetstormsecurity.org/files/13195/scanlogd-v1.2.c.gz
http://packetstormsecurity.org/files/13195/scanlogd-v1.2.c.gz.html
Tue, 17 Aug 1999 00:06:07 GMT
Linux scanlogd v1.2 - Linux scanlogd port scan detector. Use to detect many of the latest nmap scans.

scanlogd-v1.3.c.gz
http://packetstormsecurity.org/files/13196/scanlogd-v1.3.c.gz
http://packetstormsecurity.org/files/13196/scanlogd-v1.3.c.gz.html
Tue, 17 Aug 1999 00:06:07 GMT
Linux scanlogd v1.3 is a port scan detector daemon for Linux that is designed to recognize all of the latest nmap scans.

scanlogd.c.gz
http://packetstormsecurity.org/files/13197/scanlogd.c.gz
http://packetstormsecurity.org/files/13197/scanlogd.c.gz.html
Tue, 17 Aug 1999 00:06:07 GMT
scanlogd v1.1 - Linux scanlogd port scan detector.

tcplogd-0.1.1.tar.gz
http://packetstormsecurity.org/files/13200/tcplogd-0.1.1.tar.gz
http://packetstormsecurity.org/files/13200/tcplogd-0.1.1.tar.gz.html
Tue, 17 Aug 1999 00:06:07 GMT
tcplogd is a stealth-scan detector (TCP only). Configurable. 15k.

tcplogd-0.1.2.tar.gz
http://packetstormsecurity.org/files/13201/tcplogd-0.1.2.tar.gz
http://packetstormsecurity.org/files/13201/tcplogd-0.1.2.tar.gz.html
Tue, 17 Aug 1999 00:06:07 GMT
tcplogd is a stealth-scan detector (TCP only). Configurable. 15k.

tcplogd-0.1.3.tar.gz
http://packetstormsecurity.org/files/13202/tcplogd-0.1.3.tar.gz
http://packetstormsecurity.org/files/13202/tcplogd-0.1.3.tar.gz.html
Tue, 17 Aug 1999 00:06:07 GMT
tcplogd is a stealth-scan detector (TCP only). Configurable. 15k.

tcplogd-0.1.4.tar.gz
http://packetstormsecurity.org/files/13203/tcplogd-0.1.4.tar.gz
http://packetstormsecurity.org/files/13203/tcplogd-0.1.4.tar.gz.html
Tue, 17 Aug 1999 00:06:07 GMT
tcplogd v0.1.4 is a stealth-scan detecting daemon that is designed to detect most nmap sX/sN/sS scans, queso and other network scanners. This release includes fixes for the port range bugs.

tcplogd-0.1.4a.tar.gz
http://packetstormsecurity.org/files/13204/tcplogd-0.1.4a.tar.gz
http://packetstormsecurity.org/files/13204/tcplogd-0.1.4a.tar.gz.html
Tue, 17 Aug 1999 00:06:07 GMT
tcplogd is a stealth-scan detector (TCP only). Configurable. 15k.

tcplogd-0.1.4b.tar.gz
http://packetstormsecurity.org/files/13206/tcplogd-0.1.4b.tar.gz
http://packetstormsecurity.org/files/13206/tcplogd-0.1.4b.tar.gz.html
Tue, 17 Aug 1999 00:06:07 GMT
tcplogd is a stealth-scan detector (TCP only). Configurable. 15k.