xfocus logo xfocus title
首页 焦点原创 安全文摘 安全工具 安全漏洞 焦点项目 焦点论坛 关于我们
添加工具English Version

airt-0.1.tar.bz2


提交时间:2004-12-07 更新时间:2004-12-08
提交用户:aji
工具分类:入侵检测
运行平台:Linux
工具大小:69615 Bytes
文件MD5 :9e501a9b7baba2b995c1431f69622925
工具来源:Advanced Incident Response Tool

hey all,
    
    I'm proud to announce that the AIRT 0.1 is now available:
    http://159.226.5.93/projects/airt-0.1.tar.bz2

    AIRT (Advanced incident response tool) is a set of incident response assistant tools on linux platform. It's useful when you want to know what evil program is resident on your broken system and what the hell it is. It consists of 5 useful tools now:

mod_hunter: looks for hidden module on the suspect system.

process_hunter: looks for hidden process from kernel on the suspect system.

sock_hunter: looks for hidden port from kernel on the suspect system.

modumper: dumps the hidden module into file.

dismod: trys to analyze the dumped module.


Note: it only supports 2.6 kernel now, will support 2.4 kernel later.

We will be happy to get any suggestion and bug report ;-P


  madsys

From: "madsys" <madsys@ercist.iscas.ac.cn>
To: "bugtraq" <bugtraq@securityfocus.com>,
    "full-disclosure" <full-disclosure@netsys.com>
Cc: "honeypots" <honeypots@securityfocus.com>,
    "forensics" <forensics@securityfocus.com>,
    "mkill" <mkill@linuxaid.com.cn>
Subject: Tool Announcement:  AIRT -- the Advanced Incident Response Tool (linux)

>> 下载 <<