incident.pl 1.8
by Viraj Alankar (http://freshmeat.net/users/valankos/)
Sunday, October 14th 2001 18:28

Categories: Internet :: Log Analysis, Security, System :: Networking :: Monitoring

About: incident.pl is a small script that, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.

Changes: RWHOIS is now being used for ARIN as well as domain lookups, and new options have been added to process all IPs in the input at once. There is better handling of RWHOIS timeouts and errors, and more incorrect server responses are detected. Domains with MX records are given more credibility than others without MX records even if there is whois information for the non-MX domain. telstra.net and connect.com.au have been added to the list of ignored domains, and other minor bugs have been fixed.

License: GNU General Public License (GPL)

URL: http://freshmeat.net/projects/incident.pl/

--
Elias Levy
SecurityFocus
http://www.securityfocus.com/
Si vis pacem, para bellum
This archive was generated by hypermail 2b30 : Mon Oct 15 2001 - 12:47:17 PDT