.:[ packet storm ]:.
                               
preserving full disclosure
preserving full disclosure

 Section:  .. / papers / IDS  /

Page 1 of 2
<< 1 2 >> Files 1 - 25 of 38
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  Directory: / nids /
Description:
 White paper section discussing network intrusion detection systems
Total Files:49
Last Modified:Nov 10 21:30:49 2006

 ///  Directory: / hids /
Description:
 White paper section discussing host-based intrusion detection systems
Total Files:30
Last Modified:Nov 10 21:30:43 2006

 ///  File Name: Honeywalldetection.pdf
Description:
 This paper describes how to detect Honeypots / Honeywalls by using hping to send an ICMP packet containing shellcode and analyzing the response.
Author:Amir Alsbih
Homepage:http://www.informatik.uni-freiburg.de/~alsbiha/
File Size:195088
Last Modified:Apr 4 23:47:20 2006
MD5 Checksum:942f361da108396aa0eb5f7b261e048d

 ///  File Name: optimizeNFR1.pdf
Description:
 White paper discussing the optimization of Network Flight Recorder (NFR) and attack signatures overall when it comes to the MS-SQL Hello buffer overflow.
Author:benjurry
Homepage:http://www.xfocus.org
File Size:130704
Last Modified:Aug 14 03:36:27 2003
MD5 Checksum:32f914ab637812862a099ea830179528

 ///  File Name: Architecture.PDF
Description:
 White paper on the AIRIDS architecture ideology and framework that allows for an IDS to intelligently respond to attacks automatically.
Author:Thomas Munn
File Size:49871
Last Modified:Mar 29 05:53:08 2003
MD5 Checksum:c292a8361cad98db519d7b55aaa33e87

 ///  File Name: kaletonidspaper.pdf
Description:
 This paper investigates combining Misuse and Anomaly based IDS into one system. Misuse detection consists of defining malicious network traffic and monitoring for it. Anomaly detection consists of defining normal or typical network traffic and then detecting anything else. The perl source code for a prototype NIDS is included (requires TCPDump).
Author:Kaleton Internet
Homepage:http://www.kaleton.com/research
File Size:192860
Last Modified:Feb 24 01:04:45 2003
MD5 Checksum:dcad0a1937d11540a93ae660a495b624

 ///  File Name: anomaly_rules_def.pdf
Description:
 This paper discusses using Snort as an anomaly based IDS, outlining the utilization of different deployments with listings of advantages and disadvantages.
Author:Lubomir Nistor
File Size:21704
Last Modified:Jan 27 21:05:35 2003
MD5 Checksum:840f4fe86e49259b4ae53ed522238238

 ///  File Name: SNORTRAN-wp.pdf
Description:
 SNORTRAN: An Optimizing Compiler for Snort Rules White Paper. Snortran is an optimizing compiler for intrusion detection rules popularized by an open-source Snort IDS. While Snort and Snort-like rules are usually thought of as a list of independent patterns to be tested in a sequential order, we demonstrate that common compilation techniques are directly applicable to Snort rule sets and are able to produce high-performance matching engines. SNORTRAN combines several compilation techniques, including cost-optimized decision trees, pattern matching precompilation, and string set clustering. Although all these techniques have been used before in other domain-specific languages, we believe their synthesis in SNORTRAN is original and unique.
Author:Sergei Egorov, Gene Savchuk
Homepage:http://www.fidelissec.com
File Size:253505
Last Modified:Oct 10 04:33:14 2002
MD5 Checksum:42d0c6a71e0806cdd8fe41063e4e05bd

 ///  File Name: atstake_opensource_forensics.pdf
Description:
 Open Source Digital Forensics Tools: The Legal Argument - This paper addresses digital forensic analysis tools and their use in a legal setting. To enter scientific evidence into a United States court, a tool must be reliable and relevant. The reliability of evidence is tested by applying "Daubert" guidelines. To date, there have been few legal challenges to digital evidence, but as the field matures this will likely change. This paper examines the Daubert guidelines and shows that open source tools may more clearly and comprehensively meet the guidelines than closed source tools.
Author:Brian Carrier
Homepage:http://www.atstake.com/research/tools/task
File Size:175255
Last Modified:Oct 10 04:07:44 2002
MD5 Checksum:05afeff39bd1b2eed4c61fd5f2f1652c

 ///  File Name: unspoofing.txt
Description:
 The Art of Unspoofing - Describes several methods to track down denial of service attacks and includes a patch for Bind v8.3.3 and 4.9.9 which adds logging of external queries regarding domains the nameserver is authoritative for.
Author:Sean Trifero, Brian Knox
Homepage:http://www.innu.org/~sean
File Size:7679
Last Modified:Sep 17 05:31:20 2002
MD5 Checksum:87f2e5f7f9fb0f15027b7ab29a34b67e

 ///  File Name: OIR.pdf
Description:
 This paper puts forth the concept of intrusion resiliency as an emergent behavior that occurs within coupled intrusion detection and intrusion response mechanisms when the mechanisms, as a whole, exhibit a key set of identified attributes. An Illustrative example of how these attributes interact with each other to produce this behavior is given in the form of the Saint Jude Linux Kernel Module.
Author:Tim Lawless
Homepage:http://www.sourceforge.net/projects/stjude
File Size:305039
Last Modified:May 14 06:52:36 2002
MD5 Checksum:5b518c15a0f84d085f417ddc32788e2b

 ///  File Name: snort4-latest.pdf
Description:
 Building an Intrusion Detection System Using Snort - Covers installing RedHat Linux 7.1,Compiling/Installing and configuration of MySql/Apache/ACID/Snort, setup of snort rules, and hardening the machine.
Author:Aidan Carty
Homepage:http://www.entropy.ie/
File Size:1069097
Last Modified:Apr 25 07:53:47 2002
MD5 Checksum:76ba61fd4ec82916de4b1b4bf0e145ca

 ///  File Name: fingerprinting-2.txt
Description:
 Fingerprinting Port 80 Attacks - A look into web server, and web application attack signatures, Part Two. Includes fingerprints, advanced fingerprints, cross site scripting examples, modified headers, more encoding, webserver codes and logging, and more.
Author:Zenomorph
Homepage:http://www.cgisecurity.com
File Size:29111
Last Modified:Mar 8 08:50:24 2002
MD5 Checksum:017c5af72321622e81779bcd097b07fa

 ///  File Name: Increasing_Performance_NIDS.pdf
Description:
 Increasing Performance in High Speed NIDS is a paper discussing a number of methods to increase performance in Snort and also NIDS in general. Discusses bottlenecks that Snort has, a brief history of snort pattern matching, and the work that Silicon Defense did with Aho-Corasick_Boyer-Moore, discussing the differences between network grep and protocol analysis.
Author:Neil Desai
Homepage:http://www.snort.org
File Size:341044
Last Modified:Mar 8 08:44:45 2002
MD5 Checksum:c12ed4958867665a73045b0276cf74d0

 ///  File Name: fingerprint-port80.txt
Description:
 Fingerprinting Port 80 Attacks - This paper looks at some of the signatures that are used in web server attacks and what to look for in your logs.
Author:Zenomorph
Homepage:http://www.cgisecurity.com
File Size:23294
Last Modified:Nov 6 08:03:44 2001
MD5 Checksum:75f97cc427a782ee2a221d5344634bbd

 ///  File Name: insidethreat.txt
Description:
 Protecting Corporate and Enterprise Networks Against Insider Threats - The aim of this text is to provide a basic understanding of how important it is to maintain security within the corporate network, and to offer some theory and technique that the Hacker (The insider) may use or may be using to penetrate vital systems within your organization.
Author:Reflux
File Size:8857
Last Modified:Jul 25 22:01:57 2001
MD5 Checksum:5b492c808a0e767a4868c29d6c156796

 ///  File Name: t0rn.txt
Description:
 How to detect the t0rn rootkit - Includes detection methods, md5sums, pathnames, and TCP port numbers.
Author:Toby Miller
Homepage:http://www.securityfocus.com
File Size:9985
Last Modified:Dec 4 06:16:25 2000
MD5 Checksum:aa9dd40ccf8e124ef33f32e1f63c19c8

 ///  File Name: intv2-8.pdf
Description:
 "Interpreting Network Traffic" takes a look at modern reconnaissance activity from the viewpoint of the intrusion detection analyst. The author introduces general principles of network intrusion detection, and explains the basics of a TCP connection through its representation in TCPDump format. He then dissects specific network events in TCPDump format, including scans, third party effects of SYN floods, and load balancing systems. He also presents an argument to refute the existence of "reset scans."
Author:Richard Bejtlich
File Size:89053
Last Modified:Nov 5 01:02:23 2000
MD5 Checksum:087154ed8b13dd2a529f7bcd3cdf7e38

 ///  File Name: spice-ccs2000.pdf
Description:
 SPICE Whitepaper - The Stealthy Portscan and Intrusion Correlation Engine is a project at Silicon Defense to detect portscans, even those in which the attacker has attempted to make the scan stealthy. For example, they may have slowed down the scan or randomized it. The basic idea with Spice is to monitor a network's packets. Each packet is assigned an anomaly score based on the normal traffic observed on the network. The higher the score, the more unusual and possibly suspicious the packet it. These are then passed to a correlator which groups related packets together and reports portscans. The correlator is under active development but an implementation of the anomaly sensor called SPADE has been released.
Author:James Hoagland
Homepage:http://www.silicondefense.com/spice
File Size:249618
Last Modified:Oct 1 03:26:38 2000
MD5 Checksum:0ccbe965d6f28833ef8441bbe22c4ab4

 ///  File Name: PassiveMappingviaStimulus.pdf
Description:
 Passive Mapping: The Importance of Stimulus - This paper is a follow-on to the first Passive Mapping paper. It examines the difference between active and passive mapping and gives some examples of how this difference can be implemented.
Author:Coretez Giovanni
Homepage:http://www.8thport.com
File Size:25696
Last Modified:Jun 26 08:32:15 2000
MD5 Checksum:dafefead7021248954b91fcc6d33137d

 ///  File Name: OffensiveUseofIDS.pdf
Description:
 Offensive Use of IDS - This paper explores ways Intrusion Detection Systems (IDS) can be used for offensive purposes. It gives a brief technical outline of determining which TCP services are running on a network using passive monitoring.
Author:Coretez Giovanni
Homepage:http://www.8thport.com
File Size:20164
Last Modified:Jun 26 08:25:47 2000
MD5 Checksum:2ea691ce01ff4f3fb49226b16ebffac4

 ///  File Name: scan.txt
Description:
 Lance Spitzners investigation of some mystery packets - contains some good insight by many people in the security field attempting to identify which tool created the packets.
Author:Lance Spitzner
Homepage:http://www.enteract.com/~lspitz/papers.html
File Size:6147
Last Modified:May 27 00:05:44 2000
MD5 Checksum:a87a4b4940160dc75d39ebcd278bcd54

 ///  File Name: fingerprinting.txt
Description:
 IDing remote hosts, without them knowing. This paper details the process of Passive Fingerprinting. Passive fingerprinting is based on sniffer traces from the remote system. Instead of actively querying the remote system, all you need to do is capture packets sent from the remote system. Based on the sniffer traces of these packets, you can determine the operating system of the remote host. Just like in active fingerprinting, passive fingerprinting is based on the principle that every operating system's IP stack has its own idiosyncrasies.
Author:analyzing sniffer traces and identifying these differences, you may be able determine the operating system of the remote host. Craig Smith has written a proof of concept tool called passfing.tar.gz. Homepage here.
File Size:10618
Last Modified:May 16 23:16:40 2000
MD5 Checksum:2aa7b3dc1c6b55b5165fe2debf6d98a4

 ///  File Name: ids.ps
Description:
 Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection by Thomas H. Ptacek.
File Size:748909
Last Modified:Apr 20 01:47:38 2000
MD5 Checksum:86520fa1e5b1cd86f19fdc232c0ad13d

 ///  File Name: switched.htm
Description:
 FAQ on implementing a Network Based IDS in a heavily switched environment.
Author:Scott
Homepage:http://www.sans.org
File Size:6574
Last Modified:Feb 18 18:43:16 2000
MD5 Checksum:d7d52f2f801854f18c04f2f8df42e47c
 

 ///  Last 10 Files
  1. :· BrowserRider.20081124.tar.bz2
  2. :· pieweb-rfi.txt
  3. :· FreeBSD-SA-08.11.arc4random.txt
  4. :· USN-677-1.txt
  5. :· dsa-1671-1.txt
  6. :· dsa-1670-1.txt
  7. :· quicksilverforums-rce.txt
  8. :· webstudio-sql.txt
  9. :· siemens-dos.txt
  10. :· nitrotech-rfisql.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Advisories
  1. :· FreeBSD-SA-08.11.arc4random.txt
  2. :· USN-677-1.txt
  3. :· dsa-1671-1.txt
  4. :· dsa-1670-1.txt
  5. :· USN-676-1.txt
  6. :· USN-675-2.txt
  7. :· USN-675-1.txt
  8. :· USN-674-2.txt
  9. :· SVRT-05-08.txt
  10. :· 2008-01-flash.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Exploits
  1. :· pieweb-rfi.txt
  2. :· quicksilverforums-rce.txt
  3. :· webstudio-sql.txt
  4. :· siemens-dos.txt
  5. :· nitrotech-rfisql.txt
  6. :· bandwebsite-sqlxss.txt
  7. :· ftpzik-xsslfi.txt
  8. :· tvp-crash.txt
  9. :· googlechrome-obfuscate.tgz
  10. :· w3camayaid-overflow.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Tools
  1. :· BrowserRider.20081124.tar.bz2
  2. :· mp3nema-v0_2.tar.gz
  3. :· squid-nufw-helper-1.1.3.tar.gz
  4. :· xplico-0.1_deft4.tgz
  5. :· ksplice-0.9.4-src.tar.gz
  6. :· fwknop-1.9.9.tar.gz
  7. :· pysumpas-0.2.0.tar.gz
  8. :· framework-3.2.tar.gz
  9. :· tor.uclibc.i686.20081115.iso
  10. :· RFIDIOt-Windows-0.1u.zip
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Misc
  1. :· tcpip_lib51.zip
  2. :· linuxrsa-shellcode.txt
  3. :· linuxcb-shellcode.txt
  4. :· 25bytes-execve.txt
  5. :· execve-shellcode.txt
  6. :· java2-malware.pdf
  7. :· return-to-libc-linux.txt
  8. :· stack-overflow-linux.txt
  9. :· smallest_setuid_execve_sc.c
  10. :· sudoers-shellcode.txt
[ Last 20 | Last 50 | Last 100 ]


 .:. TopPrivacy Statement | Copyright Notice