Thanks for showing up! This is one of the mirror sites holding my software. The packages here are either ones I've written or ones I package for someone else ("RPMs" in the description).
Please note that these are not all complete packages. Some of them are simple scripts that I use, with little in the way of documentation or installation routines.
For a complete list of all files, see filelist.html.
If you'd only like the most current rpms of the software I write, see neweststable.
|apply-quilt-patches||Applies all the patches in a quilt collection to a source tree.||apptrace||This straces any app, however it's called. Useful for daemons, startup scripts and any tools you don't call directly. See doc/apptrace.v0.1.html for an article on its use.|
|askfirst||Shell function to ask the user if they want to run a particular command. Handles sudo.|
|blockrules||Create iptables, ipchains, ipfwadm, IOS, ipfilter, and snort block rules for specified traffic. Can be run as a cgi script; see http://www.incidents.org/cgi-bin/blockrules for a demo.|
|buildkernel||This builds a linux kernel from scratch.|
|checkformail / mail||Mail handling scripts and info.|
|defragfile||(Untested) script for defragmenting files on a Linux system.|
|detectlib||This library and associated frontends detect and remove worms from a Linux system. Adorefind, Ramenfind, XCfind and Lionfind are here.|
|dibs||Perl script that sends a second copy of all icmp unreachables to a collector machine. Designed for the DIBS project, a project that detects worm activity from the unreachables caused by worms probing for non-existant machines.|
|diffsplit||Breaks up diffs/patches into their component files.|
|dns-check||A script that compares dns records to stored copies. Allows you to verify that your dns servers are not handing out incorrect data.|
|doc||Here are the (generally security related) papers I've written over the last few years.|
|fanout||This tool will run commands on multiple machines at the same time via ssh.|
|Documents and scripts about the UML Coop project (see also slartibartfast, the existing Coop.|
|firebricks||(Now called modwall, please update any bookmarks) A set of independent firewall modules that can be inserted into an existing firewall.|
|fist||Stackable filesystem templates, currently just logeventfs. See the fist home page for more info on fist.|
|filldisk||Fills a disk with a repeating string to overwrite deleted files and exercise the drives block checking ability.|
|freedups||This frees up space on Linux filesystems by hardlinking identical files.|
|freeze||This halts all the running applications on a Linux system, while leaving the current console running so the analyst can continue to perform forensic analysis of an attacked system.|
|hack||A wrapper around your favourite editor that saves dated backups of the file, among other things.|
|html2sgml||A simple converter from html to sgml.|
|htmlfilelist||Create an html format file listing for a directory. Used on this site - see filelist.html for sample output.|
|hostlookup||Looks up the hostnames of IPs given on the command line or on stdin.|
|i2i||The firewall conversion routines, ipfwadm2ipchains and ipchains2iptables.|
|icons||A collection of icons.|
|indebug||Debugging tool for the Intermezzo project.|
|ipchains2iptables||Converts an ipchains (2.2 kernel) firewall into an iptables (2.4 kernel) firewall. Because of the structural differences between the two types of firewalls, this program will do as much as it can, but only provides a starting point.|
|ipfwadm2ipchains||This converts an ipfwadm (2.0 kernel) firewall into an ipchains (2.2 kernel) firewall.|
|ipt_dsize||An iptables match module to allow one to match the length of the data portion of the packet without the IP and protocol header.|
|livedrives||Just lists the physical ide and scsi drives on a system.|
|mason||The Mason automatic firewall builder for linux.|
|mirror||Tools for managing a software repository mirror.|
|mkrootfs||Makes root filesystems for User Mode Linux.|
|modwall||A set of independent firewall modules that can be inserted into an existing firewall.|
|moveuser||Moves a user to a new UID (and optionally GID). Use with caution.|
|netreply||Perl script that sends back an echo reply for echo requests. Useful for letting your attackers think that non-existant machines exist. :-)|
|neweststable||All of the RPMs for software I write.|
|noads||Block ads with the jesred squid redirector.|
|openmail||Opens up a mail folder with pine.|
|padip||Pads out an IP address to nnn.nnn.nnn.nnn format|
|patches||Miscellaneous patches I wrote or modified and sent off to Linux developers|
|pcap||BPF / pcap packet capture files.|
|pom26convert||Converts the netfilter patch-o-matic 2.4 config.in and .configure.help files over to the 2.6 kernel's Kconfig format.|
|pomlist||Creates a hypertext listing of all the netfilter patch-o-matic modules.|
|portstatus||Checks to see if specified ports on a system are responding.|
|randomsig||Create a random signature with different quotes, some included.|
|razor-caching-proxy||A caching proxy for the Razor spam filtering system.|
|redhat||Spec file template.|
|routeprobe||Checks for rogue routers - masquerading or straight routing - on a LAN.|
|rsync-backup||This tool allows for secure backups via rsync, ssh and chroot.|
|rsync-mirror||A simple wrapper script for mirroring directories between machines.|
|sa-blacklist||A blacklist of sender addresses for Spamassassin.|
|A library of shell functions used by some of the other tools.|
|shun||Program that blocks all communication with given IP's on an iptables or ipchains capable host.|
|snort2iptables||Converts rules in the snort rulebase over to iptables firewall rules.|
|socketwatch||Listen for incoming connections on a given port and immediately block the person scanning it.|
|ssh-keyinstall||Automates the creation and installation of ssh keys.|
|Documents and scripts about the UML Coop project (see also ford, the upcoming 64 bit Coop.|
|staticiso||An ISO image of statically linked binaries, good for forensics and system recovery.|
|syncapture||Script to capture syn packets for later analysis. Useful for p0f.|
|tcpsed||Perl app to replace fields in a pcap file.|
|tunnel||Scripts to help set up ip tunneling.|
|uml||Patches and files for the User-Mode Linux project.|
|uml-root||Root filesystems for the User-Mode Linux project. Note these are only at www.stearns.org.|
|vmod||Virtual Machine On Demand - a script that will eventually automatically start and stop User-Mode Linux virtual machines based on load. In progress, not much yet.|
|dnstop||RPMs.||http://dnstop.measurement-factory.com/ and http://www.caida.org/tools/utilities/dnstop/|
|gkrellm||RPMs.||http://web.wt.net/~billw/gkrellm and http://freshrpms.net/|
|nc||statically compiled RPMs - please read the readme first.|
|pdumpq||RPMs. Accepts packets from netfilter and outputs them in libpcap format||http://rouxdoo.freeshell.org/dmn/pdumpq/|
|perl||RPMs for some perl modules|
|rain||Packet creation tool RPMS.||http://www.tenebrous.com/rain/|
|razor-agents||RPMS of the Razor spam filtering agents.||http://razor.sourceforge.net|
|rnl||File sharing tool RPMS.||http://rootnode.org|
|rsync-static||A statically linked version of the rsync package.||http://rsync.samba.org/|
I have some additional old / unmaintained projects and rpms as well.
I gave a webcast on ssh in September 2003 (follow that link to hear it anytime). Many thanks to Sans and VanDyke software for sponsoring it.
I also gave a webcast on Spam in February 2004 (again, available for listening anytime). Many thanks to Sans and Mailfrontier for sponsoring it.
Here's an interview about Internet Security that showed up on New Hampshire Public TV's Outlook program. Jump 6 minutes, 40 seconds in.
Julie Bresnick of Newsforge wrote an article about my work on open source programs. Thanks, Julie.
If you need to get a hold of me, try:
I have a diary running. I expect to update irregularly, when something interesting happens.
Here's my pgp key. I'd strongly suggest that you download this from more than one of the mirror sites and compare the two (so you can't be fooled if one of the mirror sites gets hacked). This key has not changed since 1998. It can also be found on the public key servers, such as the one at MIT.
This key is used to sign any rpms I build.
Here are some funny images and files.
Here's the cruise my wife and I took in August, 2001.
Finally, a few shots of me waterskiing on Lake Sunapee in New
Last edited: 5/11/2006
Best viewed with something that can show web pages... <grin>Please don't email the following address - it's part of a study: email@example.com