a tool to show you all the process IDs in use on a system, even
in the presence of a trojan-horsed /bin/ps (see comments for usage)

a tool that detects if anyone has attempted to hide their
presence from you by zeroing out their entries in the
wtmp log file, a technique used by the popular post-intrusion
zap and zap2 programs

a tool to detect what open ports you have on your system,
even in the presence of a trojan-horsed netstat

a tool that lists the open files on your system

fstat, a native BSD tool for showing open files

Intrusion Response Tools

a small, simple, customizable command-line tool that will deny
communication with an IP by blocking packets on a variety of
packet-filtering firewalls. My hope is for this to become a standard
so that IDS implementers do not have to hard-code different commands
into the IDS configurations depending on what firewall topology they
are using. Just run denycomm and let it do the work. This fits into
a greater scheme that I am working on, so check back here later.
Currently it supports ipf, pf, iptables and route.

enough software, a design principle that seems to come and go in
proportion to Microsoft's stock. This article doesn't address the
fact that Microsoft software seems to be written with a process that
produces a tremendous number of bugs. They brag about fixing such
large numbers of bugs that it's easy to overlook the fact that they
started with a great deal more than other design processes produce.

Another treatise on good enough software. This one has a link to
the excellent "The Rise of Worse-is-Better" paper, a must-read.

Microsoft allows OEMs to customize the XP install CD so that they can
make it install only on the OEM's machines. This is a case where you must
reverse-engineer (crack) this protection in order to use your legal XP
license. Until the DMCA this was legal (after all, *you own the license*),
but I don't know if the DMCA makes this practice illegal.