FakeBO emulates a BackOrifice client (a trojan which can be used to
covertly monitor and alter Windows machines remotely), and can log
attempted commands and packets, as well as providing configurable
responses. Useful for catching script kiddies trying to find a hackable
Windows box, for providing evidence to their sysadmin, etc.
This is CFS, Matt Blaze's Cryptographic File System. It provides
transparent encryption and decryption of selected directory trees.
It is implemented as a user-level NFS server and thus does not
require any kernel modifications.
For an overview of how to use it, read "${PREFIX}/share/doc/cfs/notes.ms"
and the manual pages. There is a paper describing CFS at:
http://www.crypto.com/papers/cfs.pdf
Fake Identd is a tool that replies with a standard answer to all incoming
identd requests on a host, making it nearly perfect for a masquerading
router.
Fakeroot runs a command in an environment where it appears to have
root privileges for file manipulation, by setting LD_PRELOAD to a
library with alternative versions of getuid(), stat(), etc. This
is useful for allowing users to create archives (tar, ar, .deb, .rpm,
etc.) containing files with root permissions/ownership.
This is a fast and Secure Tunnelling Daemon.
Chkrootkit is a tool to locally check for signs of a rootkit.
-------------------------------------------------------------
It contains:
* chkrootkit: a shell script that checks system binaries for
rootkit modification.
* ifpromisc.c: checks if the network interface is in promiscuous
mode.
* chklastlog.c: checks for lastlog deletions.
* chkwtmp.c: checks for wtmp deletions.
* check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
* chkproc.c: checks for signs of LKM trojans.
* chkdirs.c: checks for signs of LKM trojans.
* strings.c: quick and dirty strings replacement.
* chkutmp.c: checks for utmp deletions.
For an updated list of rootkits, worms and LKMs detected by
chkrootkit please visit: http://www.chkrootkit.org/
Nelson Murilo <nelson@pangeia.com.br>
Klaus Steding-Jessen <jessen@nic.br>
This is a fake IKE daemon supporting just enough of the standards and Cisco
extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups.
If you know the pre-shared key, also known as shared secret or group password,
you can impersonate the VPN gateway in IKE phase 1, and learn XAUTH user
credentials in phase 2.