Re: Looking for intrusion detection - Tripwire isn't it

Jim Truitt (jtruitt@clark.net)
Tue, 22 Aug 1995 17:15:54 -0400

Date: Sun, 26 Mar 1995 12:13:32 -0800
From: daemon@holonet.net (HoloNet Background Processor)
To: jtruitt@iu.net
Subject: info

info
Last updated 10 Mar 95

This file is sent in response to any email message to:
    info@haystack.com or info@mailer.haystack.com

You have reached the Internet email responder for Haystack Labs, Inc.
We design and develop Unix security tools for intrusion and misuse 
detection and audit trail analysis.

There are many files available from this system, as described below, 
and new ones are added frequently.  All files are ASCII; binary 
files are uuencoded.  (See the end of this message for information on 
uuencoded files.)  Check the file size to make sure your Internet
mailer has sufficient capacity for a mail message of that size.

Any of these files will be emailed to you in response to email sent to:
                filename@mailer.haystack.com
where filename is listed in the leftmost column below.  

For example, if you want a copy of the file named "background.uue", 
then send an email message to:
                background.uue@mailer.haystack.com

We would appreciate it if you would provide your contact information 
(name/address/phone) in the body of your message, but the system works
without it.  If you have problems using this system, please send email 
to support@haystack.com, or call/fax us.

Here's how to reach us:

    post:       Haystack Labs, Inc.
                10713 RR620 North, Suite 521
                Austin, TX 78726
                USA

    phone:      512-918-3555
    fax:        512-918-1265

If you are interested in sales-related information, please contact
Donna Herrin at the above phone number or send email to:
                sales@haystack.com

please contact our U.S. Government sales rep, Ms. Kelly Collins, at 
301-924-0800 in the DC area.

-------------------------------------------------------------------
-------------------------------------------------------------------
                approx.
filename        size (KB) contents
-------------------------------------------------------------------
-------------------------------------------------------------------
info                  11  this file
events                 2  upcoming talks and trade shows where you 
                          can see our products and/or hear about our 
                          technologies
backgrnd.uue          38  company backgrounder on Haystack Labs
                          format is uuencoded .eps.Z file (Postscript)

-------------------------------------------------------------------
product data sheets:
-------------------------------------------------------------------
overview               4  product overview of Stalker (TM), Haystack Labs'
                          software for misuse detection and audit trail
                          analysis on Unix platforms; ASCII

ac                     2  data sheet on Audit Control features; ASCII
ac.uue                72  data sheet on Audit Control features;
                          format is uuencoded .eps.Z file (Postscript)
tb                     3  data sheet on Tracer/Browser features;
                          for queries and report generation; ASCII
tb.uue                52  data sheet on Tracer/Browser features
                          for queries and report generation;
                          format is uuencoded .eps.Z file (Postscript)
md                     3  data sheet on Misuse Detector features; ASCII
md.uue                72  data sheet on Misuse Detector features;
                          format is uuencoded .eps.Z file (Postscript)

aix_pr.uue            14  press release on new IBM AIX 3.2.5/4.1 support;
                          format is a uuencoded .eps.Z file with graphics
edu_sld.eps.uue      133  Introductory slide set on Stalker software;
                          useful in general security classes;
                          format is uuencoded .eps.Z file (Postscript)
edu_sld.ppt.uue      267  Introductory slide set on Stalker software;
                          useful in general security classes;
                          Microsoft PowerPoint data file that generated 
                          edu_sld.eps.uue;
                          format is uuencoded .ppt.Z file (PC PowerPoint)

-------------------------------------------------------------------
product application notes:
-------------------------------------------------------------------
    NOTE:  These notes show how the Stalker software is used to solve
    common security and accountability problems.  They include detailed
    screen snapshots.  These files are uuencoded .eps.Z files (Postscript).
appnote1.uue         190  Who Read the CEO's Email?
appnote2.uue         154  Did Anyone Log In From Outside the Company?
appnote3.uue         233  Did Anyone Install a Trojan Horse Program?
appnote4.uue         168  Who Tried To Become "Superuser"?
appnote5.uue         191  Who Read Burt Reynolds Tax Return?
appnote6.uue         150  Did An Internet Hacker Install a Sniffer
                          Program on the Network?

-------------------------------------------------------------------
legal:
-------------------------------------------------------------------
dev_lic.uue           68  Developer's kit license agreement;
                          required to purchase our Misuse Detector
                          Developer's Kit; 
                          format is uuencoded .eps.Z file (Postscript)
eval.uue              51  Software evaluation agreement;
                          required to get an evaluation copy of our
                          products;
                          format is uuencoded .eps.Z file (Postscript)
nda.uue               33  Non-disclosure agreement;
                          format is uuencoded .eps.Z file (Postscript)
reseller.uue         106  Reseller's agreement;
                          format is uuencoded .eps.Z file (Postscript)
re_info.uue           21  Reseller's information/qualification form;
                          format is uuencoded .eps.Z file (Postscript)
sla.uue               95  Software license agreement;
                          required to purchase our products;
                          format is uuencoded .eps.Z file (Postscript)
sma.uue               41  Software maintenance agreement; covers 
                          support for our products;
                          format is uuencoded .eps.Z file (Postscript)

-------------------------------------------------------------------
research papers and presentations:
-------------------------------------------------------------------
acsac-tk.uue          91  Presentation slides used by Steve Smaha at the
                          10th Computer Security Applications Conference
                          in Orlando, FL, on 08 Dec 94; talk was entitled 
                          "Audit Trail Analysis in Government and Industry",
                          and gives an overview of the uses and management
                          of audit trail data;
                          format is uuencoded .eps.Z file (Postscript)
biblio                22  bibliography of papers on intrusion and misuse
                          detection; ASCII
hli_biblio             3  bibliography of security-related papers by
                          Haystack Labs' staff; ASCII
svr4.p22              17  version 2.2 of specification for svr4++ audit data 
                          interchange format for Unix; ASCII
csi.uue               36  Journal paper, "Misuse Detection Tools," from 
                          Computer Security Journal (Computer Security
                          Institute), Spring, 1994;
                          format is uuencoded .eps.Z file (Postscript)
auerbach.uue          37  Journal paper, "Software Tools for Detecting 
                          Misuse on Unix Systems," Data Security Management
                          (Auerbach Publications), Fall, 1994;
                          format is uuencoded .eps.Z file (Postscript)

-------------------------------------------------------------------
reports and source code from Firewall Monitor project:
-------------------------------------------------------------------
    NOTE:  This is some of the code developed for a U.S. Government
    project to build a Firewall Monitor.  This monitor merged data from a 
    high-grade firewall with SunOS operating system audit trail information 
    from the Bastion Host for subsequent analysis by Stalker.  See
    14idswrk.uue for more information.
14idswrk.uue          49  presentation slides used by Steve Smaha at the
                          14th Intrusion Detection Systems Workshop in
                          Baltimore, MD, on 13 Oct 94; talk was entitled
                          "Using Non-Audit Data For Misuse Detection",
                          and describes an application of the Stalker
                          product to monitor a high-grade firewall;
                          format is uuencoded .eps.Z file (Postscript)
firewal1.uue          56  Diagram to accompany fwtech.txt;
                          format is uuencoded .eps.Z file (Postscript)
firewal2.uue          29  Diagram to accompany fwtech.txt;
                          format is uuencoded .eps.Z file (Postscript)
firewal3.uue          63  Diagram to accompany fwtech.txt;
                          format is uuencoded .eps.Z file (Postscript)
fwtech.txt            67  Final project technical report; ASCII
api.uue               50  C source code for API to write audit trail
                          events based on POSIX 1003.6/Draft 14 spec;
                          uses svr4++ format as underlying implementation;
                          format is uuencoded .tar.Z file;
                          unsupported, use at own risk, etc.;
                          see "fine print" in the file headers

-------------------------------------------------------------------
other source code:
-------------------------------------------------------------------
svr4prep.uue         135  C source code for reference implementation 
                          of preprocessor for converting SunOS BSM 
                          audit trails to svr4++ format;
                          format is uuencoded .tar.Z file;
                          unsupported, use at own risk, etc.;
                          see "fine print" in the file headers;
                          note that this is for rev 1.0 of svr4++ spec, 
                          NOT the current one.
audit_level.sh         1  Bourne shell script for use on IBM AIX 3.2.5
                          to check for presence of IBM patch required
                          for operation of Stalker software;
                          format is ASCII file.

-------------------------------------------------------------------
About uuencoded files:
-------------------------------------------------------------------

The Unix uuencode/uudecode utilities are often used on the Internet
to make non-ASCII files into ASCII files (that is done by uuencode),
or convert uuencoded ASCII files back into their original binary
formats (that is done by uudecode).  If you do not have uuencode
and uudecode on your non-Unix machine, either locate a colleague 
with a Unix workstation or contact Haystack Labs for hardcopy.

-------------------------------------------------------------------
-------------------------------------------------------------------

Copyright (c) 1994-1995 by Haystack Labs, Inc.  All rights reserved.  
Stalker is a registered trademark of Haystack Labs, Inc.  All other 
trademarks belong to their respective owners.  Specifications subject 
to change without notice.

>i suppose you could try stalker and netstalker from haystack labs
>in austin.
>
>stalker doesn't use syslog.  it uses the c2 audit trail.
>
>>