airt-0.1.tar.bz2提交时间:2004-12-07 更新时间:2004-12-08 提交用户:aji 工具分类:入侵检测 运行平台:Linux 工具大小:69615 Bytes 文件MD5 :9e501a9b7baba2b995c1431f69622925 工具来源:Advanced Incident Response Tool hey all, I'm proud to announce that the AIRT 0.1 is now available: http://159.226.5.93/projects/airt-0.1.tar.bz2 AIRT (Advanced incident response tool) is a set of incident response assistant tools on linux platform. It's useful when you want to know what evil program is resident on your broken system and what the hell it is. It consists of 5 useful tools now: mod_hunter: looks for hidden module on the suspect system. process_hunter: looks for hidden process from kernel on the suspect system. sock_hunter: looks for hidden port from kernel on the suspect system. modumper: dumps the hidden module into file. dismod: trys to analyze the dumped module. Note: it only supports 2.6 kernel now, will support 2.4 kernel later. We will be happy to get any suggestion and bug report ;-P madsys From: "madsys" <madsys@ercist.iscas.ac.cn> To: "bugtraq" <bugtraq@securityfocus.com>, "full-disclosure" <full-disclosure@netsys.com> Cc: "honeypots" <honeypots@securityfocus.com>, "forensics" <forensics@securityfocus.com>, "mkill" <mkill@linuxaid.com.cn> Subject: Tool Announcement: AIRT -- the Advanced Incident Response Tool (linux) >> 下载 << |
