| Windows NT Intrusion Detection Tools | |
| HummerNT.zip | HummingBird is a distributed component for any Intrusion Detection System. Features: Share security information with any Internet host, Powerful searchable database of security relevant data, Easy to use data visualization, Detects light but network wide attacks, Keeps historical data of system status, Hosts can be organized in a hierarchy for better management and information flow, Java interface for alert messages. HummingBird Project. |
| ViperDB.zip | ViperDB was created as a smaller & faster alternative to Tripwire. Instead of writing to one database, ViperDB writes to database files in each "watched" directory, decreasing the chances of an attacker being able to successfully modify your "watched" filesystem. By J-Dog. |
| a2nt.zip | Security management tools for NT. |
| bbnt1-03.zip | Big Brother system and network monitor ported to NT. |
| bbnt1-04a.zip | Systems and Network Monitor for Windows NT. By The MacLawran Group Inc. |
| bbnt1-04b.zip | Big Brother v.1.04b (binaries for WinNT) - Big Brother is a combination of monitoring methods. Unlike SNMP where information is just collected and devices polled, Big Brother is designed in such a way that each local system broadcasts its own information to a central location. Simultaneously, Big Brother also polls all networked systems from a central location. This creates a highly efficient and redundant method for proactive network monitoring. Features: Web-based status display, Configurable warning and panic levels, Notification via Pager or email, Support for grouping of machines, Support for modem monitoring, Selectable paging delays, Heterogeneous Network Support. Monitors: dns nntp ftp smtp and pop3 testing, connectivity via ping, http servers up and running, disk space usage, uptime and cpu usage, essential processes are still running, messages and warnings. By The MacLawran Group Inc. |
| bbnt1-04d.zip | Big Brother v.1.04d Systems and Network Monitor Client for Windows NT. You will need the UNIX server of course: bb-1.09c.tar.gz - Big Brother v1.09c for UNIX is a combination of monitoring methods. Unlike SNMP where information is just collected and devices polled, Big Brother is designed in such a way that each local system broadcasts its own information to a central location. Simultaneously, Big Brother also polls all networked systems from a central location. This creates a highly efficient and redundant method for proactive network monitoring. Features: Web-based status display, Configurable warning and panic levels, Notification via Pager or email, Support for grouping of machines, Support for modem monitoring, Selectable paging delays, Heterogeneous Network Support. Monitors: dns nntp ftp smtp and pop3 testing, connectivity via ping, http servers up and running, disk space usage, uptime and cpu usage, essential processes are still running, messages and warnings. New with this release: notification acknowledgements, HTMLized status logs, configurable notification options, support for more OSes, better installation procedures, support for specific disk partition monitoring, support for compressed grouping output, full df and HTTP output, all internet services are paged now, noping option allows ping test to be disabled, Y2K compliant, touchtime completely replaces Unix touch command, support for dns server checking using the dns keyword, support for Display grouping of machines, ability to test web pages via proxy servers, improved security, bbnet may send arbitrary arguments to remote servers, much more. New with this release: History Graphs, HTMLized history logs, Notification acknowledgements, HTMLized status logs, Configurable notification options, Support for more OSes, Better installation procedures, Support for specific disk partition monitoring, Cleaner HTML code generated, bbnet may send arbitrary arguments to remote servers, History files now kept. 143k. By The MacLawran Group Inc. |
| cla_v1_b1.exe | Centrax Log Analyst (CLA) v1.b1 - Intrusion Detection software for Windows NT. Features: Detect threats and intrusion across an entire enterprise using an extensive list of activity signatures. Analyze event logs immediately using out-of-the-box security. Preserve and secure security logs in a centralized database to prevent alterations. Compile and archive large volumes of security logs for future reporting and trending. Generate easy-to-understand damage assessment reports. Free, full copy. By Centrax Corporation. |
| cybersensor.zip | CyberSensor enables spying on any WIN32 API call. You can install any number of prehandlers and posthandlers for the API call. It enables spying on a specific process, its children or allows you to put a system wide hook. Features: Network based Machine Activity Monitor (NMAM) will be able to spy remotely on all the machines in the network. This can be used for monitoring user activity. The activities which can be monitored include Registry, File System, Internet, E-mails, Security, etc; API Library for writing your own spies; Framework for adding new monitors to NMAM; No configuration requirements on individual machines in the network; Centralized User Interface for the entire network. By Cybermedia Software Private Limited (CSPL). |
| diskmon.zip | This is a GUI/device driver program that watches all hard disk activity. |
| dsinstall.exe | Desktop Sentry is a security alert system for use with Microsoft Windows NT 4.0. It monitors your system and lets you know when someone attaches to any shares on your computer while you are connected to your local network or surfing the Internet. An excellent tool! Freeware by NTOBJECTives, Inc. |
| ifms100.zip | Monitors paths and sends SMTP mail with changes discovered. |
| intactdemo10a.zip | Intact v1.0a - Intact is a system integrity checker which will take a snapshot of your system and verify that none of your files, directories, registries, devices, settings, permissions and auditing have changed. Intact can be used to detect unauthorized intrusion, damage from viruses, trojan horses, rogue installation programs, security alterations, changes to auditing settings--pretty much any changes, additions or deletions which could compromise your system. By Intact web site. |
| netstatp.zip | Netstatp with source code. Comes with tcpview (below). |
| nthandleex.zip | Find out what files, registry keys and other objects processes have open, or which DLLs they have loaded. A flexible GUI will even show you who owns each process. |
| tcpview.zip | See all open TCP and UDP endpoints. Full source to the command-line version of this tool, netstatp, is included. |
| windog-dtk.zip | The foundation for a "Windows Deception Toolkit". This package contains "fake" telnet and sendmail daemons, coded in Perl, runs on Windows. Cool concept! By CyberPsychotic. |