Index of /ports_security/rid
Name Last modified Size
![[DIR]](/icons/back.gif)
Parent Directory -
![[ ]](/icons/unknown.gif)
Makefile 03-Oct-2008 11:55 947
distinfo 25-Nov-2005 21:01 168
![[DIR]](/icons/folder.gif)
files/ 25-Dec-2006 04:06 -
![[TXT]](/icons/text.gif)
pkg-descr 14-Feb-2000 05:59 608
pkg-plist 03-Oct-2008 11:55 176
RID - Remote Intrusion Detection
--------------------------------
RID is a configurable tool which uses intrusion fingerprints to track down
compromised hosts. RID can remotely detect Stacheldraht, TFN, Trinoo and TFN2k
if the attacker did not change the default ports.
After a compromise, this information can often be turned into a "fingerprint"
of the intrusion. RID is designed to be capable of accurately specifying this
"fingerprint" with little knowledge of network programming.
RID is based off an extension of ngrep (network grep). It is different because
it extends ngrep into a probing tool.