[8723] in bugtraq
L0pht NFR N-Code Modules Updated
daemon@ATHENA.MIT.EDU (Dr. Mudge)
Fri Dec 18 16:54:02 1998
Date: Fri, 18 Dec 1998 16:29:38 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: "Dr. Mudge" <mudge@L0PHT.COM>
To: BUGTRAQ@NETSPACE.ORG
Greets folks - just a quick mention to all the IDS fans out there; L0pht
has added another 7 NFR modules to the public collection. You can get
to them from the main page http://www.L0pht.com or directly at
http://www.L0pht.com/NFR/
Our friend Silicosis ( sili@l0pht.com ) must have gotten perturbed by me
having NFR modules up and available to the public so he had to go and out
do me :) kudos to him for giving back to the community (and appropriate
timing I might add... definate candidate for coal this X-mas up until
this point!)
Of particular note should be the Back Orifice detection module which we
feel is the best one available right now - it does not rely upon the weak
encryption in BO, it has fewer false positives than the commercial
products out there, it's free, and you get the source.
The new modules are (all contributed by sili@l0pht.com) :
. Back Orifice Detector
. Big Packet Detector
. DNS Iquery Exploit logger
. Lockd/NFS exploit logger
. OOB (WinNuke) Detector
. Statd Exploit Watcher
. rpc.ttdbserverd Exploit Detector
The older modules that are still up on the same page are (all contributed
by mudge@l0pht.com) :
. Malicious Web Queries Module
. finger watcher
. Ext_arp_inside module
. External networks watcher
. land watcher
. rip v1 logger
. rip v2 logger
. X-Mas Tree Packet Watcher
. X connections initiated from internal networks terminating externally
We hope people find these useful for whatever purposes... Merry X-mas and
all that rot :)
Now let's see... where did we stash those exploits that we were going to
give out as stocking stuffers... hrmmm.
.mudge
----------
For more L0pht (that's L-zero-p-h-t) advisories, news, and whatnot check
out http://www.L0pht.com
----------
