| COPYING | 2002/03/21 | 18,081 | The GNU license (from the tar file) |
| README.nimhunt | 2002/03/29 | 1,360 | what nimhunt's for, and how to install (from the tar file) |
| nimhunt-2.2.tar | 2002/03/21 | 40,960 | |
| nimhunt-2.3.tar | 2002/03/29 | 40,960 | |
| nimhunt.tar | 2002/03/29 | 40,960 | nimhunt scripts (autocomplains about nimda-type scans) |
| nimhunt2.2/ | 2002/03/21 | 512 | |
| nimhunt2.3/ | 2002/03/21 | 512 | |
| peelhead | 2002/11/20 | 2,812 | reads a unix format mailbox and produces a list of where email originated from. Requires variable setup |
| Nimhunt is a program which watches for suspicious port 80 scans. When it finds one, it automails a complaint to the people named in the scamlog script. |
|||
| Make sure to configure scamlog before you start using it. | |||
| Nimhunt works by using tcpdump to scan incomming packets. | |||
| Port 80 packets to the local network are checked for a time pattern. If enough connections occur from one address in a short period of time, then the html logs are checked, and a report is generated | |||
| If logs indicate suspicious activity, then mail can also be generated to the responsible domain (activated by the 'AutoMail' variable in scamlog'). | |||