Bugtraq mailing list archives
L0pht NFR N-Code Modules Updated
From: mudge () L0PHT COM (Dr. Mudge)
Date: Fri, 18 Dec 1998 16:29:38 -0500
Greets folks - just a quick mention to all the IDS fans out there; L0pht has added another 7 NFR modules to the public collection. You can get to them from the main page http://www.L0pht.com or directly at http://www.L0pht.com/NFR/

Our friend Silicosis ( sili () l0pht com ) must have gotten perturbed by me having NFR modules up and available to the public so he had to go and outdo me :) kudos to him for giving back to the community (and appropriate timing I might add... definite candidate for coal this X-mas up until this point!)

Of particular note should be the Back Orifice detection module which we feel is the best one available right now - it does not rely upon the weak encryption in BO, it has fewer false positives than the commercial products out there, it's free, and you get the source.

The new modules are (all contributed by sili () l0pht com) :

. Back Orifice Detector
. Big Packet Detector
. DNS Iquery Exploit logger
. Lockd/NFS exploit logger
. OOB (WinNuke) Detector
. Statd Exploit Watcher
. rpc.ttdbserverd Exploit Detector

The older modules that are still up on the same page are (all contributed by mudge () l0pht com) :

. Malicious Web Queries Module
. finger watcher
. Ext_arp_inside module
. External networks watcher
. land watcher
. rip v1 logger
. rip v2 logger
. X-Mas Tree Packet Watcher
. X connections initiated from internal networks terminating externally

We hope people find these useful for whatever purposes... Merry X-mas and all that rot :)

Now let's see... where did we stash those exploits that we were going to give out as stocking stuffers... hrmmm.

.mudge

----------
For more L0pht (that's L-zero-p-h-t) advisories, news, and whatnot check out http://www.L0pht.com
----------
