Greets folks - just a quick mention to all the IDS fans out there; L0pht has added another 7 NFR modules to the public collection. You can get to them from the main page http://www.L0pht.com or directly at http://www.L0pht.com/NFR/ Our friend Silicosis ( siliat_private ) must have gotten perturbed by me having NFR modules up and available to the public so he had to go and out do me :) kudos to him for giving back to the community (and appropriate timing I might add... definate candidate for coal this X-mas up until this point!) Of particular note should be the Back Orifice detection module which we feel is the best one available right now - it does not rely upon the weak encryption in BO, it has fewer false positives than the commercial products out there, it's free, and you get the source. The new modules are (all contributed by siliat_private) : . Back Orifice Detector . Big Packet Detector . DNS Iquery Exploit logger . Lockd/NFS exploit logger . OOB (WinNuke) Detector . Statd Exploit Watcher . rpc.ttdbserverd Exploit Detector The older modules that are still up on the same page are (all contributed by mudgeat_private) : . Malicious Web Queries Module . finger watcher . Ext_arp_inside module . External networks watcher . land watcher . rip v1 logger . rip v2 logger . X-Mas Tree Packet Watcher . X connections initiated from internal networks terminating externally We hope people find these useful for whatever purposes... Merry X-mas and all that rot :) Now let's see... where did we stash those exploits that we were going to give out as stocking stuffers... hrmmm. .mudge ---------- For more L0pht (that's L-zero-p-h-t) advisories, news, and whatnot check out http://www.L0pht.com ----------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:10 PDT